Security Advisory | MinigameCenter information leakage vulnerability

Original release date: 2025-01-08

CVE ID

CVE-2024-13186

CVSS 3.1 Base Score

6.5 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

Description

The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.

Software Versions and Fixes

Temporary Fix

NA

Obtaining Fixed Software

The vulnerability can be fixed by updating the vivo MinigameCenter.

Source

From white hat hacker:ZZZ

Update Records

2025-01-08 V1.0 INITIAL

FAQs

NA

vivo Security Procedures

vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.