Abstract Advisory Information
An incorrect access control vulnerability in the Travely Android application allows an attacker to hijack any other user's session via an unrestricted API route.
Authors: Michaël Lucas
Name: Travely Android application
Common Vulnerability Scoring System
The access control was reviewed on the backend API on 2019-04-11.
Vulnerability Disclosure Timeline
- 11/04/2019: Vulnerability discovered
- 11/04/2019: First contact with the support
- 11/04/2019: Support fixed the vulnerability
- 25/04/2019: Public Disclosure