Cyber Posture

CVE-2024-48310

High

Published: 28 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0020 (42.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

AutoLib Software Systems OPAC v20.10 was discovered to have multiple API keys exposed within the source code. Attackers may use these keys to access the backend API or other sensitive information.

Security Summary

CVE-2024-48310 affects AutoLib Software Systems OPAC version 20.10, where multiple API keys are exposed within the source code. This vulnerability, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no requirements for authentication, privileges, or user interaction.

Remote attackers can exploit this issue without authentication, privileges, or user interaction by extracting the exposed API keys from the source code. Successful exploitation allows access to the backend API and other sensitive information, potentially enabling unauthorized data retrieval or further reconnaissance.

Mitigation details are available in the referenced advisories, including the Full Disclosure mailing list posting at https://seclists.org/fulldisclosure/2025/Jan/11. Security practitioners should review these for specific patching instructions or workarounds. The vulnerability was publicly disclosed on January 28, 2025.

Details

CWE(s): CWE-200

References