Vulnerabilities > CVE-2021-20715 - Missing Authorization vulnerability in Recruit-Holdings HOT Pepper Gourmet 4.111.0

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier, and for iOS ver.4.111.0 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.

Vulnerable Configurations

Part Description Count
Application
Recruit-Holdings
4

Common Weakness Enumeration (CWE)