In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information.
References
Link | Resource |
---|---|
https://www.samwallace.dev/research/Harvesting%20Emails%20with%20Expired%20Garmin%20LiveTrack%20Sessions | Exploit Third Party Advisory |
Configurations
Information
Published : 2023-01-03 20:15
Updated : 2023-01-11 06:19
NVD link : CVE-2022-46081
Mitre link : CVE-2022-46081
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
garmin
- connect