| Название | Noelse Noelse - Individuals & Pro(com.afone.noelse) 2.1.7 Segment Write Key Exposure |
|---|
| Описание | In the Android application com.afone.noelse version 2.1.7, a hardcoded Segment write key was discovered in the source file com/reactnative/antelop/BuildConfig.java. An attacker can extract this key through reverse engineering and use it to send arbitrary tracking events and modify user profiles via Segment’s API. This allows injection of fraudulent analytics data, potentially leading to corrupted business intelligence, incorrect user segmentation, and misuse of downstream systems that rely on this data. |
|---|
| Источник | ⚠️ https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-com-afone-noel-3262de3f97fb80549986ddd8a160ed32?source=copy_link |
|---|
| Пользователь | fxizenta (UID 28116) |
|---|
| Представление | 17.03.2026 14:16 (20 дни назад) |
|---|
| Модерация | 03.04.2026 00:23 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 355046 [Noelse Individuals & Pro App до 2.1.7 на Android com.afone.noelse BuildConfig.java SEGMENT_WRITE_KEY слабое шифрование] |
|---|
| Баллы | 17 |
|---|