Gunosy App Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Gunosy App for Android and iOS, in versions prior to 7.34.0, that allows sensitive information to be unintentionally included in outgoing communications. The issue arises when a user accesses a specially crafted URL, potentially enabling an attacker to intercept the JSON Web Token (JWT) from the app's data transmission.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the user's JSON Web Token (JWT), which may be used to authenticate requests or access resources on behalf of the user.

Remediation

Users are advised to update the Gunosy App to the latest version available.

Added: Sep 2, 2025, 8:16 AM
Updated: Sep 2, 2025, 4:13 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.