PT-2026-42522 · Unknown · Open Ises Tickets
CVE-2026-48244
·
Published
2026-05-21
·
Updated
2026-05-21
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Open ISES Tickets versions prior to 3.44.2
Description
The software embeds a hardcoded Google Maps API key within the
settings.inc.php file, which is committed to the public source repository. This allows individuals with read access to the source code to extract the key and perform Google Maps Platform requests that are billed to the original owner's Google Cloud project.Recommendations
Update to version 3.44.2 or later.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Ises Tickets