CVE-2024-38480

medium

Description

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

References

https://play.google.com/store/apps/details?id=jp.kakao.piccoma

https://jvn.jp/en/jp/JVN01073312/

https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983

Details

Source: Mitre, NVD

Published: 2024-07-01

Updated: 2024-11-12

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

Detections

Analytics