Vulnerability Details CVE-2021-20748
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2021-20748
-
-
cpe:2.3:a:retty:retty:4.10.10
-
cpe:2.3:a:retty:retty:4.10.11
-
cpe:2.3:a:retty:retty:4.10.12
-
cpe:2.3:a:retty:retty:4.10.13
-
cpe:2.3:a:retty:retty:4.10.6
-
cpe:2.3:a:retty:retty:4.10.7
-
cpe:2.3:a:retty:retty:4.10.8
-
cpe:2.3:a:retty:retty:4.10.9
-
cpe:2.3:a:retty:retty:4.11.0
-
cpe:2.3:a:retty:retty:4.11.1
-
cpe:2.3:a:retty:retty:4.11.10
-
cpe:2.3:a:retty:retty:4.11.11
-
cpe:2.3:a:retty:retty:4.11.12
-
cpe:2.3:a:retty:retty:4.11.13
-
cpe:2.3:a:retty:retty:4.11.2
-
cpe:2.3:a:retty:retty:4.11.3
-
cpe:2.3:a:retty:retty:4.11.4
-
cpe:2.3:a:retty:retty:4.11.5
-
cpe:2.3:a:retty:retty:4.11.6
-
cpe:2.3:a:retty:retty:4.11.7
-
cpe:2.3:a:retty:retty:4.11.8
-
cpe:2.3:a:retty:retty:4.11.9