CVE-2024-38480

MEDIUM

Piccoma App for Android and iOS < 6.20.0 - Hard-coded API Key Exposure

Title source: llm

Description

"Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability.

References (3)

Core 3

Core References

Various Sources

https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983

Various Sources

https://play.google.com/store/apps/details?id=jp.kakao.piccoma

Third Party Advisory

https://jvn.jp/en/jp/JVN01073312/

Scores

CVSS v3 4.0

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (2)

Kakao piccoma Corp./"Piccoma" App for Android prior to 6.20.0

Kakao piccoma Corp./"Piccoma" App for iOS prior to 6.20.0

Published Jul 01, 2024

Tracked Since Feb 18, 2026