Search

Find a vulnerability

Search criteria

    4 vulnerabilities by Gurunavi, Inc.

    CVE-2021-20693 (GCVE-0-2021-20693)

    Vulnerability from nvd – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gurunavi, Inc. Gurunavi App Affected: for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gurunavi App",
              "vendor": "Gurunavi, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:40.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gurunavi App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gurunavi, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN54025691/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20693",
        "datePublished": "2021-04-26T00:20:40.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20693 (GCVE-0-2021-20693)

    Vulnerability from cvelistv5 – Published: 2021-04-26 00:20 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
    Severity
    No CVSS data available.
    CWE
    • Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Gurunavi, Inc. Gurunavi App Affected: for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.534Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Gurunavi App",
              "vendor": "Gurunavi, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-26T00:20:40.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20693",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Gurunavi App",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gurunavi, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iOS ver.11.1.2 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jvn.jp/en/jp/JVN54025691/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN54025691/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20693",
        "datePublished": "2021-04-26T00:20:40.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2021-000031

    Vulnerability from jvndb - Published: 2021-04-14 17:22 - Updated:2023-03-08 17:02
    Severity
    Summary
    Gurunavi Apps fail to restrict access permissions
    Details
    Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
      "dc:date": "2023-03-08T17:02+09:00",
      "dcterms:issued": "2021-04-14T17:22+09:00",
      "dcterms:modified": "2023-03-08T17:02+09:00",
      "description": "Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme.\r\nThis function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access.\r\n\r\nRyo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:gurunavi:gournavi",
          "@product": "Gurunavi",
          "@vendor": "Gurunavi, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:gurunavi:gournavi",
          "@product": "Gurunavi",
          "@vendor": "Gurunavi, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000031",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54025691/index.html",
          "@id": "JVN#54025691",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20693",
          "@id": "CVE-2021-20693",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20693",
          "@id": "CVE-2021-20693",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Gurunavi Apps fail to restrict access permissions"
    }

    JVNDB-2015-000181

    Vulnerability from jvndb - Published: 2015-11-17 14:21 - Updated:2018-03-07 12:17
    Severity
    N/A (UNKNOWN) - -
    Summary
    Gurunavi App for iOS fails to verify SSL server certificates
    Details
    Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
      "dc:date": "2018-03-07T12:17+09:00",
      "dcterms:issued": "2015-11-17T14:21+09:00",
      "dcterms:modified": "2018-03-07T12:17+09:00",
      "description": "Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates.\r\n\r\nAOKI Keiichi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
      "sec:cpe": {
        "#text": "cpe:/a:gurunavi:gournavi",
        "@product": "Gurunavi",
        "@vendor": "Gurunavi, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000181",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN29141986/index.html",
          "@id": "JVN#29141986",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7778",
          "@id": "CVE-2015-7778",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-7778",
          "@id": "CVE-2015-7778",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Gurunavi App for iOS fails to verify SSL server certificates"
    }