exploitDog

CVE-2023-22429

Опубликовано: 11 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.

Ссылки

https://jvn.jp/en/jp/JVN64453490/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.wolt.android&hl=en_US&gl=US
Product
https://jvn.jp/en/jp/JVN64453490/
Third Party Advisory
https://play.google.com/store/apps/details?id=com.wolt.android&hl=en_US&gl=US
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wolt:wolt_delivery:*:*:*:*:*:android:*:*

Версия до 4.28.0 (исключая)

EPSS

Процентиль: 10%

0.00035

Низкий

7.8 High

CVSS3

Дефекты

CWE-798

CWE-798

Связанные уязвимости

GHSA-jw33-89vh-mrpp

CVSS3: 7.8

github

почти 3 года назад

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.

EPSS

Процентиль: 10%

0.00035

Низкий

7.8 High

CVSS3

Дефекты

CWE-798

CWE-798