Описание
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.3.7 (включая)Версия до 8.29.0 (включая)
Одно из
cpe:2.3:a:wantedlyinc:studyplus:*:*:*:*:*:android:*:*
cpe:2.3:a:wantedlyinc:studyplus:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 16%
0.00052
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798
Связанные уязвимости
github
больше 3 лет назад
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
EPSS
Процентиль: 16%
0.00052
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-798