Japan Vulnerability Notes (jvn): JVN:49047921
History: Jan 12, 2022 - 12:00 a.m.

JVN#49047921: Jimoty App for Android uses a hard-coded API key for an external service

2022-01-12 00:00:00
Japan Vulnerability Notes
jvn.jp
CVSS2: 2.1 Low
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 3.3 Low
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: NONE
  Availability Impact: NONE
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.0004 Low
  Percentile: 12.6%

Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service (CWE-798).

Impact

The API key for an external service may be obtained by analyzing data in the app.
Note that users are not directly affected by this vulnerability.

Solution

Update the Application
Update the application to the latest version according to the information provided by the developer.

According to the developer, the latest version of the app does not hard-code the API key.
The vulnerable API key has been deactivated, so the information contained in the vulnerable app cannot be abused.

Products Affected

  • Jimoty App for Android versions prior to 3.7.42
