CVE-2024-48310

{"id": "CVE-2024-48310", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-01-28T23:15:07.677", "references": [{"url": "https://seclists.org/fulldisclosure/2025/Jan/11", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/11", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information."}, {"lang": "es", "value": "Se descubri\u00f3 que el AutoLib Software Systems OPAC v20.10 tiene varias claves API expuestas dentro del c\u00f3digo fuente. Los atacantes pueden usar estas claves para acceder a la API de backend o a otra informaci\u00f3n confidencial."}], "lastModified": "2025-03-25T14:15:26.223", "sourceIdentifier": "cve@mitre.org"}