CVE-2024-23453

Sažetak

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

Reference

https://jvn.jp/en/jp/JVN96154238/
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US
https://spoon-support.spooncast.net/jp/update
https://jvn.jp/en/jp/JVN96154238/
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US
https://spoon-support.spooncast.net/jp/update

CVSS

Base:	5.5
Impact:	3.6
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

04-06-2025 - 16:15

Objavljeno

24-01-2024 - 00:15