CVE-2020-5667

{"id": "CVE-2020-5667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-11-06T03:15:17.777", "references": [{"url": "https://jvn.jp/en/jp/JVN00414047/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN00414047/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."}, {"lang": "es", "value": "La aplicaci\u00f3n Studyplus para Android versiones v6.3.7 y anteriores y la aplicaci\u00f3n Studyplus para iOS versiones v8.29.0 y anteriores, usan una clave API embebida para un servicio externo. Al explotar esta vulnerabilidad, la clave API para un servicio externo puede ser obtenida mediante el an\u00e1lisis de los datos en la aplicaci\u00f3n"}], "lastModified": "2024-11-21T05:34:27.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wantedlyinc:studyplus:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "1F8A4885-F83A-4364-8ADF-96E1109C215B", "versionEndIncluding": "6.3.7"}, {"criteria": "cpe:2.3:a:wantedlyinc:studyplus:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "A4BC2E3B-846A-4F4A-A56D-8AD085B3D84E", "versionEndIncluding": "8.29.0"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}