Vulnerabilities > CVE-2023-39507 - Missing Authorization vulnerability in Recruit Rikunabi Next

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

recruit

CWE-862

NVD

Published: 2023-08-16

Updated: 2023-08-22

Summary

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.

Vulnerable Configurations

Part	Description	Count
Application	Recruit Recruit Rikunabi Next *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://jvn.jp/en/jp/JVN84820712/