The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
References
Link | Resource |
---|---|
https://asrg.io/security-advisories/cve-2023-28901/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ASRG
Published: 2024-01-18T16:27:43.711Z
Updated: 2024-01-18T16:27:43.711Z
Reserved: 2023-03-27T14:51:13.968Z
Link: CVE-2023-28901
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-18T17:15:14.003
Modified: 2024-01-26T15:01:23.443
Link: CVE-2023-28901
JSON object: View
Redhat Information
No data.