Open ISES Tickets Hardcoded Google Maps API Key Vulnerability

Vulnerability

A vulnerability exists in Open ISES Tickets versions prior to 3.44.2, where a hardcoded Google Maps API key is embedded in the settings.inc.php file. This file is publicly accessible in the source repository, allowing anyone with read access to extract the key. The extracted key can be used to make requests to the Google Maps Platform, which will be billed to the original owner's Google Cloud project.

Impact

The hardcoded API key can be misused to make Google Maps Platform requests, potentially leading to unauthorized charges on the owner's Google Cloud account.

Reproduction

The vulnerability can be reproduced by accessing the settings.inc.php file in any version of the Open ISES Tickets repository prior to 3.44.2. The hardcoded Google Maps API key appears in this file and can be extracted for use.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.
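
A check operators can run against their own checkout or fork to confirm that no Google API key literal remains in source after upgrading. This is an added example, not code from the Open ISES Tickets project. It assumes the commonly observed key shape ("AIza" followed by 35 URL-safe characters); the sample file contents, the variable name $api_key and the environment variable GMAPS_API_KEY are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption of this example: Google API keys are "AIza" followed by
# 35 URL-safe characters. The advisory itself does not state the format.
GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")


def redact(key):
    """Keep only a short prefix and suffix so the report does not re-leak the key."""
    return key[:6] + "..." + key[-4:]


def scan_text(text, name="<memory>"):
    """Return (file, line number, redacted key) for every key-shaped literal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GOOGLE_KEY_RE.finditer(line):
            findings.append((name, lineno, redact(match.group(0))))
    return findings


def scan_tree(root, suffixes=(".php", ".inc", ".js", ".html")):
    """Walk a checkout and scan the source files most likely to embed a Maps key."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings


# Constructed samples: FAKE_KEY is a placeholder, not a real credential, and
# neither snippet is the project's actual settings.inc.php.
FAKE_KEY = "AIza" + "X" * 35
SAMPLE_BEFORE = "<?php\n$api_key = '" + FAKE_KEY + "';\n"          # hardcoded literal
SAMPLE_AFTER = "<?php\n$api_key = getenv('GMAPS_API_KEY');\n"      # loaded at runtime

if __name__ == "__main__":
    # With a path argument, scan that tree; otherwise scan the constructed sample.
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE_BEFORE, "sample")
    for fname, lineno, key in hits:
        print(f"{fname}:{lineno}: Google API key literal {key}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a CI job fail on a finding
```

The non-zero exit status makes the script usable as a pre-commit or CI gate, and the redaction keeps the key itself out of build logs.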

Added: May 21, 2026, 6:31 PM
Updated: May 21, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 8.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.