CVE-2023-22429

HIGH

Android App Wolt Delivery <4.27.2 - Info Disclosure

Title source: llm

Description

Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/jp/JVN64453490/

Product

https://play.google.com/store/apps/details?id=com.wolt.android&hl=en_US&gl=US

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

wolt/wolt_delivery < 4.28.0

Published Apr 11, 2023

Tracked Since Feb 18, 2026