| Título | GRID GmbH GRID ORGANISER(co.gridapp.organiser) 1.0.5 Segment Write Key Exposure |
|---|
| Descripción | In the Android application co.gridapp.organiser version 1.0.5, a hardcoded Segment write key was discovered in the source file res/raw/app.json. An attacker can extract this key through reverse engineering and use it to send arbitrary tracking events and modify user profiles via Segment’s API. This allows injection of fraudulent analytics data, potentially leading to corrupted business intelligence, incorrect user segmentation, and misuse of downstream systems that rely on this data. |
|---|
| Fuente | ⚠️ https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-co-gridapp-org-3262de3f97fb801b9173c4851c7ad864?source=copy_link |
|---|
| Usuario | fxizenta (UID 28116) |
|---|
| Sumisión | 2026-03-17 14:01 (hace 20 días) |
|---|
| Moderación | 2026-04-03 00:14 (16 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 355042 [GRID Organiser App hasta 1.0.5 en Android co.gridapp.organiser file res/raw/app.json SegmentWriteKey cifrado débil] |
|---|
| Puntos | 17 |
|---|