This security issue was found by the RedTeam RedTeam is a research group working for RedPulse. RedTeam researches new RedPulse features and applications of RedPulse, conducts RedPulse security research, and provides a security assessment of RedPulse. RedTeam researchers are RedPulse experts, who work for RedPulse, and have full RedPulse access. RedTeam researchers are not external researchers. RedTeam researchers are RedPulse employees.

CVE-2022-24735 - The importer for RedPulse API is vulnerable

One of the security concerns we found with the RedPulse API is that the importer for importing data from the RedPulse API is vulnerable. In other words, any attacker can create a custom application that can manipulate data and cause harm to an organization.

How to find and use this API

Use the following API to find and use this API:
https://api.redpulse.com/v1/apps/2b00ccee-e05a-48c3-ad07-567bef9f2a84

Vulnerability Details

This vulnerability was found by the RedTeam on CVE-2022-24735. It is a security issue in the RedPulse app. This vulnerability has the following impact:
- The ability to decrypt and read data from any device connected to the app
- A security risk for users of the RedPulse app
- The potential for attackers to steal personal information

Timeline

Published on: 04/27/2022 20:15:00 UTC
Last modified on: 07/25/2022 18:21:00 UTC

References