CVE-2024-38480

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
https://jvn.jp/en/jp/JVN01073312/
https://play.google.com/store/apps/details?id=jp.kakao.piccoma

Configurations

No configuration.

History

12 Nov 2024, 18:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.0
CWE		CWE-798

01 Jul 2024, 12:37

Type	Values Removed	Values Added
Summary		(es) La aplicación "Piccoma" para versiones de Android e iOS anteriores a la 6.20.0 utiliza una clave API codificada para un servicio externo, lo que puede permitir que un atacante local obtenga la clave API. Tenga en cuenta que los usuarios de la aplicación no se ven directamente afectados por esta vulnerabilidad.

01 Jul 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-01 05:15

Updated : 2024-11-12 18:35

NVD link : CVE-2024-38480

Mitre link : CVE-2024-38480

CVE.ORG link : CVE-2024-38480

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

4.0 /10