CVE-2023-36612
Last modified
CVE-2023-36612 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory. Additionally, by using a malicious intent, the attacker may redirect the server's responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Basecamp | Basecamp | < 4.2.1 |
References
- https://hackerone.com/reports/1710541Exploit, Third Party Advisory
- https://hackerone.com/reports/1710541Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-36612?
How severe is CVE-2023-36612?
How do I fix CVE-2023-36612?
Are you affected by CVE-2023-36612?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST