fkie_cve-2024-0245
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-10-15 13:15
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11.
References
security@huntr.devhttps://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061
security@huntr.devhttps://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim\u0027s device. This issue affects all Android versions before Android 11."
    },
    {
      "lang": "es",
      "value": "Una configuraci\u00f3n incorrecta en el archivo AndroidManifest.xml de hamza417/inure anterior a la compilaci\u00f3n 97 permite el secuestro de tareas. Esta vulnerabilidad permite que aplicaciones maliciosas hereden los permisos de la aplicaci\u00f3n vulnerable, lo que podr\u00eda exponer informaci\u00f3n confidencial. Un atacante puede crear una aplicaci\u00f3n maliciosa que secuestre la aplicaci\u00f3n leg\u00edtima Inure, interceptando y robando informaci\u00f3n confidencial al instalarse en el dispositivo de la v\u00edctima. Este problema afecta a todas las versiones de Android anteriores a Android 11."
    }
  ],
  "id": "CVE-2024-0245",
  "lastModified": "2025-10-15T13:15:33.377",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-20T10:15:13.043",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.