
CWE-939 Improper Authorization in Handler for Custom URL Scheme: vulnerability list (12)

Summary of the 12 CVE vulnerabilities associated with the CWE-939 (Improper Authorization in Handler for Custom URL Scheme) weakness class, with AI-generated analysis in Chinese.

CWE-939 refers to an application that lacks proper authorization controls when handling a custom URL scheme. Attackers commonly craft a malicious link or induce a click so that the unrestricted scheme-invocation mechanism makes the target application perform an unintended operation or expose sensitive data. Developers should enforce strict origin verification and permission checks so that only trusted entities can invoke a given handler, preventing unauthorized access and securing inter-application communication.

Official MITRE CWE description
CWE-939: Improper Authorization in Handler for Custom URL Scheme. Description: The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. Mobile platforms and other architectures allow the use of custom URL schemes to facilitate communication between applications. In the case of iOS, this is the only method to perform inter-application communication. The implementation is at the developer's discretion, which may open security flaws in the application. An example could be potentially dangerous functionality such as modifying files through a custom URL scheme.
Common Consequences (1)
Scope: Access Control, Other. Impact: Gain Privileges or Assume Identity; Varies by Context; Bypass Protection Mechanism.
An attacker can access any functionality that is inadvertently accessible to the source.
Mitigations (1)
Phase: Architecture and Design. Utilize a user prompt pop-up to authorize potentially harmful actions such as those modifying data or dealing with sensitive information. When designing functionality of actions in the URL scheme, consider whether the action should be accessible to all mobile applications, or if an allowlist of applications to interface with is appropriate.
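As an added example (not code from the CWE entry or from any of the products listed below), the mitigation above modelled in platform-neutral Python: the platform is assumed to hand the handler the opened URL together with the identity of the calling application (`source_app` is our name for it; on iOS the open-URL callback supplies it as an option), `confirm` stands in for the user prompt, and the scheme, action names and bundle identifier are constructed. Harmless actions stay open to any caller; actions that modify data require both an allowlisted caller and a confirmation.

```python
"""Authorized custom-URL-scheme handler, platform-neutral model (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit, parse_qs

SCHEME = "appscheme"  # constructed; same scheme name as the CWE example


@dataclass(frozen=True)
class ActionPolicy:
    dangerous: bool             # modifies data or touches sensitive information
    allowed_callers: frozenset  # caller identities allowed to run a dangerous action


# Policy table: one entry per action the handler understands. Unknown actions are rejected.
POLICIES: Dict[str, ActionPolicy] = {
    "showHelp": ActionPolicy(dangerous=False, allowed_callers=frozenset()),
    "replaceFileText": ActionPolicy(
        dangerous=True,
        allowed_callers=frozenset({"com.example.trustedpartner"}),  # constructed bundle id
    ),
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    action: Optional[str] = None
    params: Optional[Dict[str, str]] = None


def authorize_open_url(url: str, source_app: Optional[str],
                       confirm: Callable[[str, Dict[str, str]], bool]) -> Decision:
    """Decide whether `url`, opened by `source_app`, may run. `confirm` is the user prompt."""
    parts = urlsplit(url)
    # urlsplit lowercases the scheme (schemes are case-insensitive); compare the whole value,
    # never a prefix.
    if parts.scheme != SCHEME:
        return Decision(False, "scheme mismatch")
    action = parts.netloc  # the CWE example uses the URL host as the action name
    policy = POLICIES.get(action)
    if policy is None:
        return Decision(False, f"unknown action {action!r}")
    # parse_qs returns lists; reject repeated parameters instead of silently picking one.
    raw = parse_qs(parts.query, keep_blank_values=True)
    if any(len(values) != 1 for values in raw.values()):
        return Decision(False, "duplicate query parameter")
    params = {key: values[0] for key, values in raw.items()}
    if policy.dangerous:
        # Caller authorization first: the platform-supplied identity must be allowlisted.
        if source_app is None or source_app not in policy.allowed_callers:
            return Decision(False, f"caller {source_app!r} not allowlisted for {action}")
        # Then the user prompt the CWE mitigation recommends.
        if not confirm(action, params):
            return Decision(False, "user declined")
    return Decision(True, "ok", action, params)


if __name__ == "__main__":
    attack = "appscheme://replaceFileText?file=incomingMessage.txt&text=hello"
    print(authorize_open_url(attack, None, lambda a, p: True))
    print(authorize_open_url(attack, "com.example.trustedpartner", lambda a, p: True))
```

The decision is made before any file is touched, and the reason string is what a defender would log: a burst of "not allowlisted" denials for `replaceFileText` is the signal that some other application is probing the scheme.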
Code Examples (2)
This iOS application uses a custom URL scheme. The replaceFileText action in the URL scheme allows an external application to interface with the file incomingMessage.txt and replace the contents with the text field of the query string.
    NSString *stringURL = @"appscheme://replaceFileText?file=incomingMessage.txt&text=hello";
    NSURL *url = [NSURL URLWithString:stringURL];
    [[UIApplication sharedApplication] openURL:url];
Good · Objective-C
    - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url {
        if (!url) {
            return NO;
        }
        // The host component of the URL selects the action; nothing checks which
        // application opened the URL, so any app on the device can trigger the write.
        NSString *action = [url host];
        if ([action isEqualToString:@"replaceFileText"]) {
            NSDictionary *dict = [self parseQueryStringExampleFunction:[url query]];
            // this function will write contents to a specified file
            FileObject *objectFile = [self writeToFile:[dict objectForKey:@"file"]
                                              withText:[dict objectForKey:@"text"]];
        }
        return YES;
    }
Bad · Objective-C
These Android and iOS applications intercept URL loading within a WebView and perform special actions if a particular URL scheme is used, thus allowing the Javascript within the WebView to communicate with the application:
    // Android
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        // Fixed-offset, case-insensitive prefix tests: any URL whose first 14 characters
        // read "examplescheme:" and whose next 11 read "getUserInfo" is accepted, and the
        // origin of the page that issued the request is never consulted.
        if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
            if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
                writeDataToView(view, UserData);
                return false;
            } else {
                return true;
            }
        }
        return false; // not the custom scheme: let the WebView load the URL normally
    }
Bad · Java
    // iOS
    - (BOOL)webView:(UIWebView *)exWebView
        shouldStartLoadWithRequest:(NSURLRequest *)exRequest
                    navigationType:(UIWebViewNavigationType)exNavigationType {
        NSURL *URL = [exRequest URL];
        if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
            // Prefix match on the function name; no check of which page made the request.
            NSString *functionString = [URL resourceSpecifier];
            if ([functionString hasPrefix:@"specialFunction"]) {
                // Make data available back in webview.
                UIWebView *webView = [self writeDataToView:[URL query]];
            }
            return NO;
        }
        return YES;
    }
Bad · Objective-C
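Both WebView bridges above decide on the scheme and the action with fixed-offset or prefix, case-insensitive string tests and never ask which document made the request. The following added Python model (not the page's or any project's code) puts the Android test beside a hardened check that parses the whole URL, requires an exact action name, and honours the bridge only when the document loaded in the WebView comes from an allowlisted first-party origin. `page_url` (the WebView's current document URL), the trusted origins and the action names are constructed assumptions.

```python
"""WebView-to-native bridge authorization, platform-neutral model (added example)."""
from typing import Optional, Tuple
from urllib.parse import urlsplit

BRIDGE_SCHEME = "examplescheme"
# Only documents from these first-party origins may drive the native bridge (constructed).
TRUSTED_ORIGINS = frozenset({"https://app.example.com"})
# Exact action names the bridge understands (constructed, mirroring the CWE example).
BRIDGE_ACTIONS = frozenset({"getUserInfo"})


def legacy_matches(url: str) -> bool:
    """The Android example's check, reproduced for comparison: fixed-offset,
    case-insensitive prefix tests. (Python slicing never raises on short input,
    whereas Java's substring would throw.)"""
    return (url[0:14].lower() == "examplescheme:"
            and url[14:25].lower() == "getuserinfo")


def origin_of(page_url: str) -> Optional[str]:
    """https://host[:port] of the document in the WebView; None for anything that is not https."""
    p = urlsplit(page_url)
    if p.scheme != "https" or not p.hostname:
        return None
    try:
        port = p.port
    except ValueError:          # malformed port in the URL
        return None
    suffix = f":{port}" if port not in (None, 443) else ""
    return f"https://{p.hostname}{suffix}"


def authorize_bridge_call(page_url: str, request_url: str) -> Tuple[bool, str]:
    """Return (handle_natively, reason). False means the request must not reach
    the native action; the caller then lets the WebView treat it as an ordinary
    load or blocks it."""
    parts = urlsplit(request_url)
    # urlsplit lowercases the scheme, so this is an exact match on the normalized value.
    if parts.scheme != BRIDGE_SCHEME:
        return False, "not a bridge URL"
    # Caller authorization: only a trusted first-party document may invoke the bridge.
    origin = origin_of(page_url)
    if origin not in TRUSTED_ORIGINS:
        return False, f"bridge call from untrusted origin {origin!r}"
    # Exact action match on the whole opaque part, not a prefix of it:
    # "examplescheme:getUserInfo" parses to path "getUserInfo".
    action = parts.path
    if action not in BRIDGE_ACTIONS:
        return False, f"unknown bridge action {action!r}"
    return True, "ok"


if __name__ == "__main__":
    for req in ("examplescheme:getUserInfo", "examplescheme:getUserInfoAndMore",
                "EXAMPLESCHEME:GETUSERINFO"):
        print(req, "legacy:", legacy_matches(req),
              "hardened:", authorize_bridge_call("https://app.example.com/page", req))
```

The comparison shows why exact matching matters: the legacy test accepts `examplescheme:getUserInfoAndMore` and `EXAMPLESCHEME:GETUSERINFO` because it only looks at fixed character ranges, while the hardened check rejects both, and it rejects the exact action too when the requesting document is not first-party.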
| CVE ID | Title | CVSS | Risk | Published |
|---|---|---|---|---|
| CVE-2026-35394 | Mobile Next security vulnerability — mobile-mcp | 8.3 | High | 2026-04-06 |
| CVE-2026-33335 | Vikunja security vulnerability — vikunja | 6.1 | - | 2026-03-24 |
| CVE-2026-26123 | Microsoft Authenticator security vulnerability — Microsoft Authenticator for Android | 5.5 | Medium | 2026-03-10 |
| CVE-2026-1046 | Mattermost Desktop App security vulnerability — Mattermost | 7.6 | High | 2026-02-16 |
| CVE-2025-67739 | JetBrains TeamCity security vulnerability — TeamCity | 3.1 | Low | 2025-12-11 |
| CVE-2025-41408 | LY Yahoo! Shopping App security vulnerability — "Yahoo! Shopping" App for Android | 6.1 (AI) | Medium (AI) | 2025-09-05 |
| CVE-2024-54125 | Shonen Jump+ security vulnerability — "Shonen Jump+" App for Android | 6.1 | - | 2024-12-17 |
| CVE-2024-54014 | Skylark Holdings Skylark App security vulnerability — 'Skylark' App for Android | 6.5 (AI) | Medium (AI) | 2024-12-05 |
| CVE-2024-33606 | MicroDicom DICOM Viewer security vulnerability — DICOM Viewer | 8.8 | High | 2024-06-11 |
| CVE-2023-43582 | Zoom Client authorization issue vulnerability — Zoom Clients | 5.5 | Medium | 2023-11-14 |
| CVE-2022-20736 | Cisco AppDynamics Controller security vulnerability — Cisco AppDynamics | 5.3 | Medium | 2022-06-15 |
| CVE-2020-11000 | GreenBrowser security vulnerability — GreenBrowser | 5.7 | Medium | 2020-04-08 |

Scores and risk levels marked "(AI)" were assigned by the platform's AI analysis rather than taken from the published advisory.

CWE-939 (Improper Authorization in Handler for Custom URL Scheme) is a common weakness class; this platform has indexed 12 CVE vulnerabilities associated with it.