CVE-2020-15165 — CRITICAL (9.3)

Vulnerability Description

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending all users upgrade to v1.1.8 as soon as possible. For more information, review the referenced GitHub Security Advisory.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Chameleon Mini Live Debugger Project	Chameleon Mini Live Debugger	1.1.6

Related Weaknesses (CWE)

CWE-506

References

https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8qExploitThird Party Advisory
https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugProductThird Party Advisory
https://github.com/maxieds/ChameleonMiniLiveDebugger/security/advisories/GHSA-8qExploitThird Party Advisory
https://play.google.com/store/apps/details?id=com.maxieds.chameleonminilivedebugProductThird Party Advisory

FAQ

What is CVE-2020-15165?

CVE-2020-15165 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending a...

How severe is CVE-2020-15165?

CVE-2020-15165 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-15165?

Check the references section above for vendor advisories and patch information. Affected products include: Chameleon Mini Live Debugger Project Chameleon Mini Live Debugger.