CVE-2023-22362 - Vulnerability Details - OpenCVE

SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00147.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Akindo-sushiro	Hong Kong Sushiro Singapore Sushiro Sushiro Taiwan Sushiro Thailand Sushiro

Configuration 1 [-]

OR	cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:::::android::
	cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:::::android::
	cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:::::android::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jvn.jp/en/jp/JVN84642320/
https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp
https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp

History

Fri, 21 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-02-13T00:00:00.000Z

Updated: 2025-03-21T14:32:31.724Z

Reserved: 2022-12-28T00:00:00.000Z

Link: CVE-2023-22362

Vulnrichment

Updated: 2024-08-02T10:07:06.595Z

NVD

Status : Modified

Published: 2023-02-13T02:21:07.360

Modified: 2025-03-21T15:15:40.457

Link: CVE-2023-22362

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-22362", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "dateUpdated": "2025-03-21T14:32:31.724Z", "dateReserved": "2022-12-28T00:00:00.000Z", "datePublished": "2023-02-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-02-13T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}], "affected": [{"vendor": "AKINDO SUSHIRO CO., LTD.", "product": "SUSHIRO App for Android", "versions": [{"version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1", "status": "affected"}]}], "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}, {"url": "https://jvn.jp/en/jp/JVN84642320/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Insertion of sensitive information into log file"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.595Z"}, "title": "CVE Program Container", "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN84642320/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-21T14:30:48.588374Z", "id": "CVE-2023-22362", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T14:32:31.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN84642320/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:07:06.595Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-22362", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-21T14:30:48.588374Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-21T14:31:24.314Z"}}], "cna": {"affected": [{"vendor": "AKINDO SUSHIRO CO., LTD.", "product": "SUSHIRO App for Android", "versions": [{"status": "affected", "version": "SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}]}], "references": [{"url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}, {"url": "https://jvn.jp/en/jp/JVN84642320/"}], "descriptions": [{"lang": "en", "value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Insertion of sensitive information into log file"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-02-13T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22362", "state": "PUBLISHED", "dateUpdated": "2025-03-21T14:32:31.724Z", "dateReserved": "2022-12-28T00:00:00.000Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-02-13T00:00:00.000Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:akindo-sushiro:hong_kong_sushiro:3.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "D0406FED-C1A3-479D-9AA7-53B415F70B11", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:singapore_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "A9ADD771-3484-4E19-A52E-AEE4F8943555", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:sushiro:4.0.31:*:*:*:*:android:*:*", "matchCriteriaId": "C912C42A-8D56-4197-B5EB-06BDD87EFF8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:taiwan_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "21C54BA1-A878-4A70-B16C-20EEF5F3D4EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:akindo-sushiro:thailand_sushiro:2.0.3:*:*:*:*:android:*:*", "matchCriteriaId": "934D169B-2E13-47F4-BAB1-86BAB82E35B6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Affected products/versions are as follows: SUSHIRO Ver.4.0.31, Thailand SUSHIRO Ver.1.0.0, Hong Kong SUSHIRO Ver.3.0.2, Singapore SUSHIRO Ver.2.0.0, and Taiwan SUSHIRO Ver.2.0.1"}], "id": "CVE-2023-22362", "lastModified": "2025-03-21T15:15:40.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-13T02:21:07.360", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN84642320/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN84642320/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=hk.co.akindo_sushiro.sushiroapp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=jp.co.akindo_sushiro.sushiroapp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=sg.co.akindo_sushiro.sushiroapp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=th.co.akindo_sushiro.sushiroapp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://play.google.com/store/apps/details?id=tw.co.akindo_sushiro.sushiroapp"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}