Lucene search

[email protected]CVE-2024-23453

HistoryJan 24, 2024 - 12:15 a.m.

CVE-2024-23453

2024-01-2400:15:08

CWE-798

[email protected]

web.nvd.nist.gov

android

spoon

cve-2024-23453

security

hard-coded credentials

api key

vulnerability

local attacker

reverse-engineering

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

Affected configurations

Vulners

NVD

Node

spoon_radio_japan_inc.android_spoon_applicationRange7.11.1–8.6.0

CPENameOperatorVersion
spooncast:spoonspooncast spoonle8.6.0

CPE	Name	Operator	Version
spooncast:spoon	spooncast spoon	le	8.6.0

CNA Affected

[
  {
    "vendor": "Spoon Radio Japan Inc.",
    "product": "Android Spoon application",
    "versions": [
      {
        "version": "version 7.11.1 to 8.6.0",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN96154238/

play.google.com/store/apps/details?id=co.spoonme&hl=en_US

spoon-support.spooncast.net/jp/update

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2024-23453

jvn1 nvd1 cvelist1 prion1