CVE-2024-23453

The Android Spoon application, versions 7.11.1 to 8.6.0, uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access to the associated service.

Configurations

Configuration 1

cpe:2.3:a:spooncast:spoon:*:*:*:*:*:android:*:*

History

29 Jan 2024, 22:58

Type | Values Removed | Values Added
First Time | (none) | Spooncast spoon; Spooncast
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.5
CPE | (none) | cpe:2.3:a:spooncast:spoon:*:*:*:*:*:android:*:*
CWE | (none) | CWE-798
References | () https://jvn.jp/en/jp/JVN96154238/ - | () https://jvn.jp/en/jp/JVN96154238/ - Third Party Advisory
References | () https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US - | () https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US - Product
References | () https://spoon-support.spooncast.net/jp/update - | () https://spoon-support.spooncast.net/jp/update - Vendor Advisory

24 Jan 2024, 13:49

Type | Values Removed | Values Added
Summary | (none) | (es) Version 7.11.1 to 8.6.0 of the Android Spoon application uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access to the associated service.

24 Jan 2024, 00:15

Type | Values Removed | Values Added
New CVE | (none) | (none)

Information

Published : 2024-01-24 00:15

Updated : 2024-01-29 22:58


NVD link : CVE-2024-23453

Mitre link : CVE-2024-23453

CVE.ORG link : CVE-2024-23453



Products Affected

spooncast

  • spoon
CWE
CWE-798 : Use of Hard-coded Credentials