PT-2025-2793 · Autolib Software Systems · Autolib Software Systems Opac
Shaikh Shahnawaz · Published 2025-01-28 · Updated 2025-01-29 · CVE-2024-48310
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
AutoLib Software Systems OPAC version 20.10
Description:
The issue concerns exposed API keys within the source code. Attackers may use these keys to access the backend API or other sensitive information.
Recommendations:
For AutoLib Software Systems OPAC version 20.10, remove the exposed API keys from the source code or store them securely to prevent unauthorized access to the backend API or sensitive information. Consider generating new API keys and updating the source code to use them. As a temporary workaround, consider restricting access to the backend API until the issue is resolved.
Fix
Information Disclosure
Using Hardcoded Credentials
Affected Products
Autolib Software Systems Opac