Vulnerability Details CVE-2021-20748
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 59.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2021-20748
-
-
cpe:2.3:a:retty:retty:4.10.10
-
cpe:2.3:a:retty:retty:4.10.11
-
cpe:2.3:a:retty:retty:4.10.12
-
cpe:2.3:a:retty:retty:4.10.13
-
cpe:2.3:a:retty:retty:4.10.6
-
cpe:2.3:a:retty:retty:4.10.7
-
cpe:2.3:a:retty:retty:4.10.8
-
cpe:2.3:a:retty:retty:4.10.9
-
cpe:2.3:a:retty:retty:4.11.0
-
cpe:2.3:a:retty:retty:4.11.1
-
cpe:2.3:a:retty:retty:4.11.10
-
cpe:2.3:a:retty:retty:4.11.11
-
cpe:2.3:a:retty:retty:4.11.12
-
cpe:2.3:a:retty:retty:4.11.13
-
cpe:2.3:a:retty:retty:4.11.2
-
cpe:2.3:a:retty:retty:4.11.3
-
cpe:2.3:a:retty:retty:4.11.4
-
cpe:2.3:a:retty:retty:4.11.5
-
cpe:2.3:a:retty:retty:4.11.6
-
cpe:2.3:a:retty:retty:4.11.7
-
cpe:2.3:a:retty:retty:4.11.8
-
cpe:2.3:a:retty:retty:4.11.9