{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0245", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-01-05T04:05:09.731Z", "datePublished": "2025-03-20T10:10:16.698Z", "dateUpdated": "2025-10-15T12:49:22.092Z"}, "containers": {"cna": {"title": "Task Hijacking in hamza417/inure", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:22.092Z"}, "descriptions": [{"lang": "en", "value": "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11."}], "affected": [{"vendor": "hamza417", "product": "hamza417/inure", "versions": [{"version": "unspecified", "lessThan": "build97", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607"}, {"url": "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-276 Incorrect Default Permissions", "cweId": "CWE-276"}]}], "source": {"advisory": "2108644e-9e54-4236-932d-f204fc68b607", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:49:10.273985Z", "id": "CVE-2024-0245", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:23:39.037Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0245", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:49:10.273985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:49:11.487Z"}}], "cna": {"title": "Task Hijacking in hamza417/inure", "source": {"advisory": "2108644e-9e54-4236-932d-f204fc68b607", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "hamza417", "product": "hamza417/inure", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "build97", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607"}, {"url": "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061"}], "descriptions": [{"lang": "en", "value": "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:22.092Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0245", "state": "PUBLISHED", "dateUpdated": "2025-10-15T12:49:22.092Z", "dateReserved": "2024-01-05T04:05:09.731Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:10:16.698Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11."}, {"lang": "es", "value": "Una configuraci\u00f3n incorrecta en el archivo AndroidManifest.xml de hamza417/inure anterior a la compilaci\u00f3n 97 permite el secuestro de tareas. Esta vulnerabilidad permite que aplicaciones maliciosas hereden los permisos de la aplicaci\u00f3n vulnerable, lo que podr\u00eda exponer informaci\u00f3n confidencial. Un atacante puede crear una aplicaci\u00f3n maliciosa que secuestre la aplicaci\u00f3n leg\u00edtima Inure, interceptando y robando informaci\u00f3n confidencial al instalarse en el dispositivo de la v\u00edctima. Este problema afecta a todas las versiones de Android anteriores a Android 11."}], "id": "CVE-2024-0245", "lastModified": "2025-10-15T13:15:33.377", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-03-20T10:15:13.043", "references": [{"source": "[email protected]", "url": "https://github.com/hamza417/inure/commit/a0c3e68b0542bcd7007c93618e0d50a5331de061"}, {"source": "[email protected]", "url": "https://huntr.com/bounties/2108644e-9e54-4236-932d-f204fc68b607"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "[email protected]", "type": "Primary"}]}

{}