Search criteria
2 vulnerabilities by retty
CVE-2021-20748 (GCVE-0-2021-20748)
Vulnerability from cvelistv5 – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
VLAI
Summary
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Severity
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN26891339/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Retty Inc. | Retty App |
Affected:
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Retty App",
"vendor": "Retty Inc.",
"versions": [
{
"status": "affected",
"version": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T01:20:24.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Retty App",
"version": {
"version_data": [
{
"version_value": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14"
}
]
}
}
]
},
"vendor_name": "Retty Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"name": "https://jvn.jp/en/jp/JVN26891339/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20748",
"datePublished": "2021-07-14T01:20:25.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:22.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20747 (GCVE-0-2021-20747)
Vulnerability from cvelistv5 – Published: 2021-07-14 01:20 – Updated: 2024-08-03 17:53
VLAI
Summary
Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Authorization in Handler for Custom URL Scheme
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4… | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN26891339/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Retty Inc. | Retty App |
Affected:
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Retty App",
"vendor": "Retty Inc.",
"versions": [
{
"status": "affected",
"version": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Handler for Custom URL Scheme",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T01:20:23.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Retty App",
"version": {
"version_data": [
{
"version_value": "Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14"
}
]
}
}
]
},
"vendor_name": "Retty Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Handler for Custom URL Scheme"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view"
},
{
"name": "https://jvn.jp/en/jp/JVN26891339/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN26891339/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20747",
"datePublished": "2021-07-14T01:20:23.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}