Vulnerabilities > CVE-2023-29459 - Unspecified vulnerability in Redbull FC RED Bull Salzburg

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

redbull

NVD

Published: 2023-06-26

Updated: 2023-07-06

Summary

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application's webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation.

Vulnerable Configurations

Part	Description	Count
Application	Redbull Redbull FC RED Bull Salzburg *	1

References

https://play.google.com/store/apps/details?id=laola.redbull
http://packetstormsecurity.com/files/172701/FC-Red-Bull-Salzburg-App-5.1.9-R-Improper-Authorization.html