Lucene search

K
vulnrichmentJpcertVULNRICHMENT:CVE-2024-38480
HistoryJul 01, 2024 - 2:27 a.m.

CVE-2024-38480

2024-07-0102:27:01
jpcert
github.com
piccoma app
hard-coded api key
local attacker
android
ios
vulnerability
external service
security

6.3 Medium

AI Score

Confidence

Low

β€œPiccoma” App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

CNA Affected

[
  {
    "vendor": "Kakao piccoma Corp.",
    "product": "\"Piccoma\" App for Android",
    "versions": [
      {
        "version": "prior to 6.20.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Kakao piccoma Corp.",
    "product": "\"Piccoma\" App for iOS",
    "versions": [
      {
        "version": "prior to 6.20.0",
        "status": "affected"
      }
    ]
  }
]

6.3 Medium

AI Score

Confidence

Low

Related for VULNRICHMENT:CVE-2024-38480