CVE-2024-54014

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device.

CVSS v3 3.6 LOW

3.6^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478
https://jvn.jp/en/jp/JVN03447226/
https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La autorización incorrecta en el controlador para el problema del esquema de URL personalizado en la aplicación 'Skylark' para Android 6.2.13 y versiones anteriores y la aplicación 'Skylark' para iOS 6.2.13 y versiones anteriores permite que un atacante haga que la aplicación acceda a un sitio web arbitrario a través de otra aplicación instalada en el dispositivo del usuario.

05 Dec 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-05 03:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-54014

Mitre link : CVE-2024-54014

CVE.ORG link : CVE-2024-54014

JSON object : View

Products Affected

No product.

CWE

CWE-939

Improper Authorization in Handler for Custom URL Scheme

3.6 /10