In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts.
References
Link | Resource |
---|---|
https://arxiv.org/pdf/2205.15202.pdf | Mitigation Technical Description Third Party Advisory |
https://github.com/BESTICSP/Vulnerabilities-Related-to-Mini-Programs-Permissions/blob/main/WX%20applet%20contact%20permission%20vulnerability%20report.pdf | Exploit Third Party Advisory |
https://pan.baidu.com/s/116sAQvs1CEzCeIfpI1NZvA | Exploit Permissions Required Third Party Advisory |
https://pan.baidu.com/s/1RqMrZBruZZ4OHdnXUN5xDw | Exploit Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-26T22:36:45
Updated: 2022-08-01T11:34:38
Reserved: 2021-08-29T00:00:00
Link: CVE-2021-40180
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-26T23:15:08.050
Modified: 2022-08-04T16:17:54.247
Link: CVE-2021-40180
JSON object: View
Redhat Information
No data.
CWE