CVE-2024-1608

Published: Feb 20, 2024Modified: Apr 2, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction.

Affected (1)

Products: Oppo: Usercenter Credit Software Development Kit

Oppo

1 product

Usercenter Credit Software Development Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oppo Usercenter Credit Software Development Kit	All versions

Related CWEs

CWE-280

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

References (2)

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832

Source: security@oppo.com

Vendor Advisory

https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.