Lucene search
JpcertCVE-2024-32988HistoryMay 22, 2024 - 8:15 a.m.
CVE-2024-32988
2024-05-2208:15:10
CWE-798
jpcert
web.nvd.nist.gov
42
offerbox
mobile app
hard-coded secret key
jwt
android
ios
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
9.0%
‘OfferBox’ App for Android versions 2.0.0 to 2.3.17 and ‘OfferBox’ App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
Affected configurations
Node
i-plug_inc.\'offerbox\'_app_for_androidRange2.0.0–2.3.17
i-plug_inc.\'offerbox\'_app_for_iosRange2.1.7–2.6.14
| Vendor | Product | Version | CPE |
|---|---|---|---|
| i-plug_inc. | \'offerbox\'_app_for_android | * | cpe:2.3:a:i-plug_inc.:\'offerbox\'_app_for_android:*:*:*:*:*:*:*:* |
| i-plug_inc. | \'offerbox\'_app_for_ios | * | cpe:2.3:a:i-plug_inc.:\'offerbox\'_app_for_ios:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for Android",
"versions": [
{
"version": "2.0.0 to 2.3.17",
"status": "affected"
}
]
},
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for iOS",
"versions": [
{
"version": "2.1.7 to 2.6.14",
"status": "affected"
}
]
}
]References
Related
nvd
nvd
CVE-2024-32988
2024-05-22 08:15:10
jvn
jvn
JVN#83405304: "OfferBox" App uses a hard-coded secret key
2024-05-10 00:00:00
cvelist
cvelist
CVE-2024-32988
2024-05-22 07:37:32
vulnrichment
vulnrichment
CVE-2024-32988
2024-05-22 07:37:32
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-32988