CVE-2023-40530

low-risk
Published 2023-08-25

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.7/10 Medium
NETWORK / LOW complexity

Affected Products (2)

Skylark
Skylark

Affected Vendors

Skylark

References (6)

Product https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%8...
Third Party Advisory https://jvn.jp/en/jp/JVN03447226/
Product https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto
Product https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%8...
Third Party Advisory https://jvn.jp/en/jp/JVN03447226/
Product https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low