exploitDog

CVE-2024-23453

Опубликовано: 24 янв. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

Ссылки

https://jvn.jp/en/jp/JVN96154238/
Third Party Advisory
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US
Product
https://spoon-support.spooncast.net/jp/update
Vendor Advisory
https://jvn.jp/en/jp/JVN96154238/
Third Party Advisory
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US
Product
https://spoon-support.spooncast.net/jp/update
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spooncast:spoon:*:*:*:*:*:android:*:*

Версия от 7.11.1 (включая) до 8.6.0 (включая)

EPSS

Процентиль: 13%

0.00046

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-798

CWE-798

Связанные уязвимости

GHSA-288h-h8hx-vvqm

CVSS3: 5.5

github

больше 1 года назад

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

EPSS

Процентиль: 13%

0.00046

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-798

CWE-798