Incorrect Resource Transfer Between Spheres

CVE-2020-5800

High

9.8/10

Summary

The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-669 - Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

Advisory Timeline

Published Dec 07, 2020

Incorrect Resource Transfer Between Spheres

CVE-2020-5800

Summary

CWE-669 - Incorrect Resource Transfer Between Spheres

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS