Kanova Android App Improper Access Control Vulnerability Allowing Unauthorized Access to User and Group Information
Vulnerability
A vulnerability has been identified in the Kanova Android App, specifically in version 1.0.27 (package name com.karelane), developed by Karely L.L.C. It arises from improper access control: attackers can manipulate API request parameters to gain unauthorized access to user details and group information, including entry codes. Exploitation of this vulnerability could lead to privacy breaches, unauthorized access to groups, and misuse of the platform.
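The access-control failure described above, as an added example that is not part of the original advisory and not Kanova's code: a handler that trusts the group ID parameter, next to one that checks the session user's membership before returning the record. The data model, the function names, and the rule that only group admins see entry codes are assumptions made for illustration.

```python
# Constructed sample data. The schema and all names are hypothetical,
# not taken from the Kanova API.
GROUPS = {
    101: {"name": "Group A", "entry_code": "4471", "members": {1, 2}, "admins": {1}},
    202: {"name": "Group B", "entry_code": "9935", "members": {3}, "admins": {3}},
}

# Denied reads are recorded so repeated probing of foreign IDs can be alerted on.
DENIED = []


class Forbidden(Exception):
    """Caller is authenticated but not entitled to the requested object."""


def get_group_vulnerable(session_user_id: int, group_id: int) -> dict:
    # Weak pattern: the group_id parameter alone selects the record, so any
    # authenticated caller can read any group, entry code included.
    g = GROUPS[group_id]
    return {"id": group_id, "name": g["name"], "entry_code": g["entry_code"]}


def get_group_hardened(session_user_id: int, group_id: int) -> dict:
    # The caller identity comes from the server-side session, never from a
    # request parameter. Unknown and foreign groups fail identically so the
    # response does not confirm which IDs exist.
    g = GROUPS.get(group_id)
    if g is None or session_user_id not in g["members"]:
        DENIED.append((session_user_id, group_id))
        raise Forbidden("not permitted")
    view = {"id": group_id, "name": g["name"]}
    # Field-level check (assumed policy): only group admins see the entry code.
    if session_user_id in g["admins"]:
        view["entry_code"] = g["entry_code"]
    return view
```
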
Impact
Exploitation of this vulnerability could result in privacy violations, unauthorized access to user groups, and potential misuse of the Kanova platform.
