FKIE_CVE-2020-7744

Vulnerability from fkie_nvd - Published: 2020-10-15 13:15 - Updated: 2024-11-21 05:37
Severity ?
4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Summary
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background).
References
report@snyk.iohttps://snyk.io/blog/remote-code-execution-rce-sourmint/Technical Description, Third Party Advisory
report@snyk.iohttps://snyk.io/research/sour-mint-malicious-sdk/Technical Description, Third Party Advisory
report@snyk.iohttps://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/blog/remote-code-execution-rce-sourmint/Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/research/sour-mint-malicious-sdk/Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714Third Party Advisory
Impacted products
Vendor Product Version
mintegral mintegraladsdk -
google android -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mintegral:mintegraladsdk:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA48ECCB-BEC3-452C-80EF-61C9C3A6DB22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android\u0027s download manager and detects if the downloaded file\u0027s url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral\u0027s servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background)."
    },
    {
      "lang": "es",
      "value": "Esto afecta a todas las versiones del paquete com.mintegral.msdk:alphab.\u0026#xa0;El SDK de Android distribuido por la empresa contiene una funcionalidad maliciosa en este m\u00f3dulo que rastrea: 1. Descargas desde las URL de Google ya sea dentro de las aplicaciones de Google o por medio del navegador, incluyendo las descargas de archivos, los archivos adjuntos de correo electr\u00f3nico y los enlaces de Google Docs.\u0026#xa0;2. Todas las descargas de apk, ya sean org\u00e1nicas o no.\u0026#xa0;Mintegral escucha los eventos de descarga en el administrador de descargas de Android y detecta si la URL del archivo descargado contiene: a.\u0026#xa0;google.com o proviene de una aplicaci\u00f3n de Google (el paquete com.android.vending) b.\u0026#xa0;Termina con .apk para descargas de apk. En ambos casos, el m\u00f3dulo env\u00eda los datos capturados hacia los servidores de Mintegral.\u0026#xa0;Tome en cuenta que la funcionalidad maliciosa sigue ejecut\u00e1ndose incluso si la aplicaci\u00f3n no est\u00e1 actualmente enfocada (ejecut\u00e1ndose en segundo plano)"
    }
  ],
  "id": "CVE-2020-7744",
  "lastModified": "2024-11-21T05:37:43.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "report@snyk.io",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-15T13:15:12.993",
  "references": [
    {
      "source": "report@snyk.io",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/blog/remote-code-execution-rce-sourmint/"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/research/sour-mint-malicious-sdk/"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/blog/remote-code-execution-rce-sourmint/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/research/sour-mint-malicious-sdk/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-COMMINTEGRALMSDK-1018714"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.