CVE-2023-22362 - OpenCVE

SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Akindo-sushiro	Hong Kong Sushiro Singapore Sushiro Sushiro Taiwan Sushiro Thailand Sushiro

Configuration 1 [-]

OR	cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:::::android::
	cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:::::android::

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN84642320/
https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-02-13T00:00:00

Updated: 2024-08-02T10:07:06.595Z

Reserved: 2022-12-28T00:00:00

Link: CVE-2023-22362

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-02-13T02:21:07.360

Modified: 2023-02-24T17:13:39.977

Link: CVE-2023-22362

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22362", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2024-08-02T10:07:06.595Z", "dateReserved": "2022-12-28T00:00:00", "datePublished": "2023-02-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-02-13T00:00:00"}, "descriptions": [{"lang": "en", "value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}], "affected": [{"vendor": "AKINDO SUSHIRO CO., LTD.", "product": "SUSHIRO App for Android", "versions": [{"version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1", "status": "affected"}]}], "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}, {"url": "https://jvn.jp/en/jp/JVN84642320/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Insertion of sensitive information into log file"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.595Z"}, "title": "CVE Program Container", "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN84642320/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "D0406FED-C1A3-479D-9AA7-53B415F70B11", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "A9ADD771-3484-4E19-A52E-AEE4F8943555", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:*:*:*:*:android:*:*", "matchCriteriaId": "C912C42A-8D56-4197-B5EB-06BDD87EFF8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "21C54BA1-A878-4A70-B16C-20EEF5F3D4EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "934D169B-2E13-47F4-BAB1-86BAB82E35B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}], "id": "CVE-2023-22362", "lastModified": "2023-02-24T17:13:39.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-13T02:21:07.360", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN84642320/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}