Published: 2020/08/26  Last Updated: 2020/08/26

Information from Nitori Holdings Co., Ltd.

Vulnerability ID:JVN#77402327
Title:NITORI App fails to restrict access permissions

This is a statement from the vendor itself with no modification by JPCERT/CC.

An insufficient access restriction vulnerability in the "NITORI App" has been identified.
Due to this vulnerability, it allowed access to any websites (e.g., websites not related with Nitori Holdings Co., Inc.) via the “NITORI App”.

The vulnerability has been fixed in version 6.1.0 or later, which was released on August 21, 2020, and will be resolved immediately after updating the application.

As of August 21, 2020, there have been no reports of the vulnerability being exploited