CVE-2023-43991: n/a in n/a

Medium
Published: Wed Jan 24 2024 (01/24/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

AI-Powered Analysis

Last updated: 07/08/2025, 19:25:57 UTC

Technical Analysis

CVE-2023-43991 is a medium-severity vulnerability identified in the PRIMA CLINIC mini-app running on Line version 13.6.1. The vulnerability arises from the leakage of the channel access token, a critical credential used to authenticate and authorize actions within the Line platform ecosystem. An attacker who obtains this token can send crafted malicious notifications to users of the mini-app. Such notifications could be used to deliver phishing content, spread misinformation, or trigger unwanted actions within the app environment. Once the token has leaked, exploitation requires no user interaction and can be carried out remotely over the network (AV:N). The attack complexity is low (AC:L), but some level of privilege is required (PR:L), indicating that the attacker needs limited access or a prior compromise to obtain the token. The vulnerability affects confidentiality and integrity, since unauthorized notifications can lead to information disclosure or manipulation, but it does not affect availability. The scope is unchanged, meaning the impact is confined to the vulnerable component and does not extend to other system components. No exploits in the wild are currently reported, and no patches or vendor advisories have been linked yet. The lack of detailed product and vendor information limits a full assessment of the affected environment, but the presence of the vulnerability in a mini-app on a widely used messaging platform suggests a notable risk vector.

Potential Impact

For European organizations, especially those using the Line platform or integrating the PRIMA CLINIC mini-app for healthcare or communication services, this vulnerability poses a risk of unauthorized message injection. This can lead to targeted phishing campaigns, social engineering attacks, or dissemination of false information, potentially undermining trust in digital communication channels. Healthcare providers or clinics using this mini-app could face reputational damage and regulatory scrutiny under GDPR if personal data is indirectly exposed or manipulated. The unauthorized notifications could also disrupt patient communication workflows or cause confusion, impacting service delivery. Since the vulnerability requires leakage of the channel access token, organizations with weak token management or insufficient access controls are at higher risk. The medium severity suggests a moderate but tangible threat that should be addressed promptly to prevent escalation or exploitation in conjunction with other vulnerabilities.

Mitigation Recommendations

Organizations should immediately audit and secure their channel access tokens by implementing strict access controls and rotating tokens regularly to limit exposure time. Monitoring and logging of token usage should be enhanced to detect anomalous notification activity. Developers should review the mini-app’s code and integration points to ensure tokens are not exposed in logs, URLs, or client-side storage. Applying the principle of least privilege to tokens and restricting their scope can reduce potential damage if leaked. Since no official patch is currently available, organizations should consider disabling or limiting the use of the PRIMA CLINIC mini-app on Line until a fix is released. User awareness campaigns can help mitigate the impact of malicious notifications by educating users to recognize suspicious messages. Finally, coordination with Line platform support and monitoring for vendor advisories or patches is essential for timely remediation.
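The token-usage monitoring recommended above, as an added example that is not part of this record or of the PRIMA CLINIC / Line software: it scans a constructed audit log of Messaging API push calls and flags a channel access token that is used from outside the assumed backend allowlist or that fans out to more recipients per window than an assumed baseline, which are the signs a leaked token would show. The log format, allowlist addresses and thresholds are all assumptions for the example.

```python
"""Flag anomalous use of a Line channel access token in push-call audit logs.

Constructed example: each line records one push call made with a token as
token_id,timestamp,source_ip,recipient_count. A token is flagged when it is
used from a source outside the backend allowlist, or when its recipients in
any 10-minute window exceed the baseline ceiling.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not real data): the last three lines of
# tok-prima-01 mimic a leaked token being used for a bulk send from outside.
SAMPLE_LOG = """\
tok-prima-01,2024-01-24T09:00:00Z,10.0.0.5,1
tok-prima-01,2024-01-24T09:03:00Z,10.0.0.5,1
tok-prima-01,2024-01-24T12:00:00Z,203.0.113.7,500
tok-prima-01,2024-01-24T12:01:00Z,203.0.113.7,500
tok-prima-02,2024-01-24T10:00:00Z,10.0.0.6,2
"""

BACKEND_ALLOWLIST = {"10.0.0.5", "10.0.0.6"}  # assumed egress IPs of the clinic backend
WINDOW = timedelta(minutes=10)
MAX_RECIPIENTS_PER_WINDOW = 100               # assumed normal fan-out ceiling


def parse_log(text):
    """Parse CSV audit lines into (token_id, datetime, source_ip, recipients)."""
    events = []
    for line in text.splitlines():
        tok, ts, ip, n = line.strip().split(",")
        events.append((tok, datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, int(n)))
    return events


def find_anomalies(events):
    """Return {token_id: [reasons]} for tokens showing leak indicators."""
    findings = defaultdict(set)
    by_token = defaultdict(list)
    for tok, ts, ip, n in events:
        by_token[tok].append((ts, ip, n))
        if ip not in BACKEND_ALLOWLIST:
            findings[tok].add(f"used from non-backend source {ip}")
    for tok, rows in by_token.items():
        rows.sort()
        # Sliding window: sum recipients of calls within WINDOW of each call.
        for i, (start, _, _) in enumerate(rows):
            total = sum(n for ts, _, n in rows[i:] if ts - start <= WINDOW)
            if total > MAX_RECIPIENTS_PER_WINDOW:
                findings[tok].add(f"{total} recipients within {WINDOW}")
                break
    return {tok: sorted(reasons) for tok, reasons in findings.items()}
```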

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-09-25T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6839c098182aa0cae2b3b6cb

Added to database: 5/30/2025, 2:28:40 PM

Last enriched: 7/8/2025, 7:25:57 PM

Last updated: 8/4/2025, 9:03:58 AM
