CVE-2024-38480

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38480
"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
https://jvn.jp/en/jp/JVN01073312/
https://play.google.com/store/apps/details?id=jp.kakao.piccoma
https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
https://jvn.jp/en/jp/JVN01073312/
https://play.google.com/store/apps/details?id=jp.kakao.piccoma
Configurations

No configuration.

History

21 Nov 2024, 09:26

Type Values Removed Values Added
References () https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983 - () https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983 -
References () https://jvn.jp/en/jp/JVN01073312/ - () https://jvn.jp/en/jp/JVN01073312/ -
References () https://play.google.com/store/apps/details?id=jp.kakao.piccoma - () https://play.google.com/store/apps/details?id=jp.kakao.piccoma -

12 Nov 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.0
CWE CWE-798

01 Jul 2024, 12:37

Type Values Removed Values Added
Summary
  • (es) La aplicación "Piccoma" para versiones de Android e iOS anteriores a la 6.20.0 utiliza una clave API codificada para un servicio externo, lo que puede permitir que un atacante local obtenga la clave API. Tenga en cuenta que los usuarios de la aplicación no se ven directamente afectados por esta vulnerabilidad.

01 Jul 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-01 05:15

Updated : 2024-11-21 09:26

NVD link : CVE-2024-38480

Mitre link : CVE-2024-38480

CVE.ORG link : CVE-2024-38480

JSON object : View

Products Affected

No product.

CWE
CWE-798

Use of Hard-coded Credentials