Search
Find a vulnerability
Search criteria
4 vulnerabilities by Gurunavi, Inc.
CVE-2021-20693 (GCVE-0-2021-20693)
Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN54025691/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gurunavi, Inc. | Gurunavi App |
Affected:
for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gurunavi App",
"vendor": "Gurunavi, Inc.",
"versions": [
{
"status": "affected",
"version": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:40.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gurunavi App",
"version": {
"version_data": [
{
"version_value": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Gurunavi, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN54025691/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20693",
"datePublished": "2021-04-26T00:20:40.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20693 (GCVE-0-2021-20693)
Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity
No CVSS data available.
CWE
- Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN54025691/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gurunavi, Inc. | Gurunavi App |
Affected:
for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Gurunavi App",
"vendor": "Gurunavi, Inc.",
"versions": [
{
"status": "affected",
"version": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-26T00:20:40.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Gurunavi App",
"version": {
"version_data": [
{
"version_value": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Gurunavi, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN54025691/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN54025691/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20693",
"datePublished": "2021-04-26T00:20:40.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2021-000031
Vulnerability from jvndb - Published: 2021-04-14 17:22 - Updated:2023-03-08 17:02
Severity
Summary
Gurunavi Apps fail to restrict access permissions
Details
Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme.
This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access.
Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
"dc:date": "2023-03-08T17:02+09:00",
"dcterms:issued": "2021-04-14T17:22+09:00",
"dcterms:modified": "2023-03-08T17:02+09:00",
"description": "Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme.\r\nThis function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access.\r\n\r\nRyo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
"sec:cpe": [
{
"#text": "cpe:/a:gurunavi:gournavi",
"@product": "Gurunavi",
"@vendor": "Gurunavi, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:gurunavi:gournavi",
"@product": "Gurunavi",
"@vendor": "Gurunavi, Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN54025691/index.html",
"@id": "JVN#54025691",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20693",
"@id": "CVE-2021-20693",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20693",
"@id": "CVE-2021-20693",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Gurunavi Apps fail to restrict access permissions"
}
JVNDB-2015-000181
Vulnerability from jvndb - Published: 2015-11-17 14:21 - Updated:2018-03-07 12:17Summary
Gurunavi App for iOS fails to verify SSL server certificates
Details
Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates.
AOKI Keiichi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
"dc:date": "2018-03-07T12:17+09:00",
"dcterms:issued": "2015-11-17T14:21+09:00",
"dcterms:modified": "2018-03-07T12:17+09:00",
"description": "Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates.\r\n\r\nAOKI Keiichi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
"sec:cpe": {
"#text": "cpe:/a:gurunavi:gournavi",
"@product": "Gurunavi",
"@vendor": "Gurunavi, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000181",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN29141986/index.html",
"@id": "JVN#29141986",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7778",
"@id": "CVE-2015-7778",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-7778",
"@id": "CVE-2015-7778",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Gurunavi App for iOS fails to verify SSL server certificates"
}