Description
An attacker can receive trip details by Škoda vehicle VIN number, if the primary user is registered in the vehicle (CVE-2023-28901). This issue is categorized as a Broken Access Control vulnerability. An attacker can act outside of the intended permissions that allow him to get information on trip timestamps, fuel consumption, speed, etc.
Advisory Details
- CVE ID
- CVE-2023-28901
- Affected Products
- Skoda Connect
- Problem Type
- CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
- CAPEC ID
- CAPEC-116 Excavation
- Published
- Jan 18, 2024