Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Juiker app by Juiker

    CVE-2022-39043 (GCVE-0-2022-39043)

    Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2025-02-19 20:23
    VLAI
    Title
    Juiker app - Information Leakage
    Summary
    Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Juiker Juiker app Affected: 4.6.0607.1
    Create a notification for this product.
    Date Public
    2023-02-08 00:00
    Credits
    RayHong (CCoE)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:10:32.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6922-4a37a-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-39043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T20:23:11.618268Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T20:23:21.067Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Android"
              ],
              "product": "Juiker app",
              "vendor": "Juiker",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.6.0607.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RayHong (CCoE)"
            }
          ],
          "datePublic": "2023-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-6922-4a37a-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Juiker app version to 4.6.1223.1"
            }
          ],
          "source": {
            "advisory": "TVN-202208008",
            "discovery": "EXTERNAL"
          },
          "title": "Juiker app - Information Leakage",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-39043",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2025-02-19T20:23:21.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38117 (GCVE-0-2022-38117)

    Vulnerability from nvd – Published: 2022-10-24 13:21 – Updated: 2025-05-07 13:34
    VLAI
    Title
    Juiker app - Hard-coded Credentials
    Summary
    Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Juiker Juiker app Affected: 4.6.0311.1
    Create a notification for this product.
    Date Public
    2022-10-24 00:00
    Credits
    RayHong (CCoE)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6630-d4d2f-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:33:24.537624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T13:34:07.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Juiker app",
              "vendor": "Juiker",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.6.0311.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RayHong (CCoE)"
            }
          ],
          "datePublic": "2022-10-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users\u2019 ciphertext and tamper with it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-24T00:00:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-6630-d4d2f-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Juiker app version to 4.6.0915.1"
            }
          ],
          "source": {
            "advisory": "TVN-202208002",
            "discovery": "EXTERNAL"
          },
          "title": "Juiker app - Hard-coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-38117",
        "datePublished": "2022-10-24T13:21:03.691Z",
        "dateReserved": "2022-08-10T00:00:00.000Z",
        "dateUpdated": "2025-05-07T13:34:07.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-39043 (GCVE-0-2022-39043)

    Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-19 20:23
    VLAI
    Title
    Juiker app - Information Leakage
    Summary
    Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Juiker Juiker app Affected: 4.6.0607.1
    Create a notification for this product.
    Date Public
    2023-02-08 00:00
    Credits
    RayHong (CCoE)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T11:10:32.444Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6922-4a37a-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-39043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T20:23:11.618268Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T20:23:21.067Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Android"
              ],
              "product": "Juiker app",
              "vendor": "Juiker",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.6.0607.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RayHong (CCoE)"
            }
          ],
          "datePublic": "2023-02-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-27T00:00:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-6922-4a37a-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Juiker app version to 4.6.1223.1"
            }
          ],
          "source": {
            "advisory": "TVN-202208008",
            "discovery": "EXTERNAL"
          },
          "title": "Juiker app - Information Leakage",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-39043",
        "datePublished": "2023-03-27T00:00:00.000Z",
        "dateReserved": "2022-08-30T00:00:00.000Z",
        "dateUpdated": "2025-02-19T20:23:21.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38117 (GCVE-0-2022-38117)

    Vulnerability from cvelistv5 – Published: 2022-10-24 13:21 – Updated: 2025-05-07 13:34
    VLAI
    Title
    Juiker app - Hard-coded Credentials
    Summary
    Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users’ ciphertext and tamper with it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Juiker Juiker app Affected: 4.6.0311.1
    Create a notification for this product.
    Date Public
    2022-10-24 00:00
    Credits
    RayHong (CCoE)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.820Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-6630-d4d2f-1.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:33:24.537624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T13:34:07.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Juiker app",
              "vendor": "Juiker",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.6.0311.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "RayHong (CCoE)"
            }
          ],
          "datePublic": "2022-10-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Juiker app hard-coded its AES key in the source code. A physical attacker, after getting the Android root privilege, can use the AES key to decrypt users\u2019 ciphertext and tamper with it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-24T00:00:00.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "url": "https://www.twcert.org.tw/tw/cp-132-6630-d4d2f-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update Juiker app version to 4.6.0915.1"
            }
          ],
          "source": {
            "advisory": "TVN-202208002",
            "discovery": "EXTERNAL"
          },
          "title": "Juiker app - Hard-coded Credentials",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2022-38117",
        "datePublished": "2022-10-24T13:21:03.691Z",
        "dateReserved": "2022-08-10T00:00:00.000Z",
        "dateUpdated": "2025-05-07T13:34:07.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }