Wolt · Wolt Delivery: Food/More · CVE-2023-22429
**Name of the Vulnerable Software and Affected Versions**
Wolt Delivery: Food and more versions 4.27.2 and earlier
**Description**
The issue concerns the use of hard-coded credentials, specifically an API key for an external service, in the application. This may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary.
**Recommendations**
For versions 4.27.2 and earlier, consider removing or securely storing the hard-coded API key to prevent unauthorized access. As a temporary workaround, restrict access to the application binary to minimize the risk of reverse-engineering.