Primary

Context

Open ISES Tickets Hardcoded Google Maps API Key Vulnerability

Vulnerability

Patched

A vulnerability exists in Open ISES Tickets versions prior to 3.44.2, where a hardcoded Google Maps API key is embedded in 'tables.php'. This key, committed to the public source repository, can be extracted by anyone with read access and used for Google Maps Platform requests, potentially leading to unauthorized charges on the original owner's Google Cloud project.

Impact

The hardcoded API key could be misused for Google Maps Platform requests, causing financial charges to the key owner.

Reproduction

The vulnerability can be reproduced by accessing the 'tables.php' file in the source code repository of Open ISES Tickets versions prior to 3.44.2'. The hardcoded Google Maps API key can be found in this file and extracted for unauthorized use.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.

Added: May 21, 2026, 6:31 PM

Updated: May 21, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.4

remediation

0.0

relevance

8.5

threat

4.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.4

remediation

0.0

relevance

8.5

threat

4.8

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open ISES Tickets Hardcoded Google Maps API Key Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Open ISES Tickets

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating