HIGH 7.5
CVE-2017-11132
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| heinekingmedia | stashcat | Android | ≤1.5.17 | cpe:2.3:a:heinekingmedia:stashcat:*:*:*:*:*:android:*:* |