CVE-2024-38480

July 1, 2024, 12:37 p.m.

Tags

vultures@jpcert.or.jp
2024-07-01
CVE-2024-38480

Product(s) Impacted

Piccoma App for Android

  • before 6.20.0

Piccoma App for iOS

  • before 6.20.0

Description

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

Weaknesses

Date

Published: July 1, 2024, 5:15 a.m.

Last Modified: July 1, 2024, 12:37 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

References

https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983
vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN01073312/
vultures@jpcert.or.jp
https://play.google.com/store/apps/details?id=jp.kakao.piccoma
vultures@jpcert.or.jp