Search
Find a vulnerability
Search criteria
3 vulnerabilities by Jimoty, Inc.
CVE-2022-0131 (GCVE-0-2022-0131)
Vulnerability from nvd – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Summary
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Severity
No CVSS data available.
CWE
- Use of Hard-coded credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN49047921/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jimoty, Inc. | Jimoty App for Android |
Affected:
versions prior to 3.7.42
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jimoty App for Android",
"vendor": "Jimoty, Inc.",
"versions": [
{
"status": "affected",
"version": "versions prior to 3.7.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T09:10:24.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-0131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jimoty App for Android",
"version": {
"version_data": [
{
"version_value": "versions prior to 3.7.42"
}
]
}
}
]
},
"vendor_name": "Jimoty, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN49047921/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-0131",
"datePublished": "2022-01-17T09:10:24.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0131 (GCVE-0-2022-0131)
Vulnerability from cvelistv5 – Published: 2022-01-17 09:10 – Updated: 2024-08-02 23:18
VLAI
EPSS
VEX
Summary
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Severity
No CVSS data available.
CWE
- Use of Hard-coded credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN49047921/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jimoty, Inc. | Jimoty App for Android |
Affected:
versions prior to 3.7.42
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.732Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jimoty App for Android",
"vendor": "Jimoty, Inc.",
"versions": [
{
"status": "affected",
"version": "versions prior to 3.7.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T09:10:24.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-0131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jimoty App for Android",
"version": {
"version_data": [
{
"version_value": "versions prior to 3.7.42"
}
]
}
}
]
},
"vendor_name": "Jimoty, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN49047921/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN49047921/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-0131",
"datePublished": "2022-01-17T09:10:24.000Z",
"dateReserved": "2022-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:41.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2022-000003
Vulnerability from jvndb - Published: 2022-01-12 15:37 - Updated:2022-01-12 15:37
Severity
Summary
Jimoty App for Android uses a hard-coded API key for an external service
Details
Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service (CWE-798).
Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000003.html",
"dc:date": "2022-01-12T15:37+09:00",
"dcterms:issued": "2022-01-12T15:37+09:00",
"dcterms:modified": "2022-01-12T15:37+09:00",
"description": "Jimoty App for Android provided by Jimoty, Inc. uses a hard-coded API key for an external service (CWE-798).\r\n\r\nMasashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000003.html",
"sec:cpe": {
"#text": "cpe:/a:jmty:jimoty",
"@product": "Jimoty",
"@vendor": "Jimoty, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.1",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000003",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN49047921/index.html",
"@id": "JVN#49047921",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-0131",
"@id": "CVE-2022-0131",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-0131",
"@id": "CVE-2022-0131",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Jimoty App for Android uses a hard-coded API key for an external service"
}