Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistHackeroneCVELIST:CVE-2019-5431
HistoryMay 06, 2019 - 4:47 p.m.

CVE-2019-5431

2019-05-0616:47:30
CWE-352
hackerone
www.cve.org
3

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the “Login with Twitter” component allowing an attacker to provide alternate credentials. In the final step of “Login with Twitter” authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-<consumer-key>) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service.

CNA Affected

[
  {
    "product": "Twitter Kit for iOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "v3.4.2"
      }
    ]
  }
]

Related

osv 2
nvd 2
prion 2
cve 2
cvelist 1
osv
osv
CVE-2019-5431
2019-05-06 17:29:00
CVE-2017-0911
2018-02-09 22:29:00
nvd
nvd
CVE-2019-5431
2019-05-06 17:29:00
CVE-2017-0911
2018-02-09 22:29:00
prion
prion
Authentication flaw
2019-05-06 17:29:00
Authentication flaw
2018-02-09 22:29:00
cve
cve
CVE-2019-5431
2019-05-06 17:29:00
CVE-2017-0911
2018-02-09 22:29:00
cvelist
cvelist
CVE-2017-0911
2018-02-09 22:00:00

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON
Related for CVELIST:CVE-2019-5431
osv2nvd2prion2cve2cvelist1