All Security Advisories
CVE-2023-28901Jan 18, 2024

Trip Data Disclosure from Backend

Description

An attacker can receive trip details by Škoda vehicle VIN number, if the primary user is registered in the vehicle (CVE-2023-28901). This issue is categorized as a Broken Access Control vulnerability. An attacker can act outside of the intended permissions that allow him to get information on trip timestamps, fuel consumption, speed, etc.

Advisory Details

Affected Products
Skoda Connect
Problem Type
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CAPEC ID
CAPEC-116 Excavation
Published
Jan 18, 2024
View on NVD