UCC CampusConnect App Hard-Coded Cryptographic Key Vulnerability in BuildConfig.java

Vulnerability

A vulnerability exists in the UCC CampusConnect App for Android, affecting versions up to 14.3.5. The issue arises from a hard-coded Uploadcare private key in the BuildConfig.java file of the campusconnect.ucc component. This vulnerability allows an unauthenticated user to access the Uploadcare API and perform file operations such as uploading, downloading, listing, and deleting files from the Uploadcare bucket. Such actions could lead to unauthorized disclosure of sensitive information, permanent data loss, or, if a malicious file is uploaded and processed by the affected website's server, remote code execution.
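A hard-coded key of the kind described above can be caught before release by scanning the generated (or decompiled) BuildConfig.java for credential-like string constants. The Python check below is an added example, not code from the app or from this advisory; the field names, name patterns and sample values in it are constructed assumptions.

```python
import re

# Constants as the Android Gradle plugin writes them into BuildConfig.java:
#   public static final String NAME = "value";
CONST_RE = re.compile(
    r'public\s+static\s+final\s+String\s+(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;'
)
# Name fragments that suggest a server-side credential (assumed heuristic list).
# Names such as *_PUBLIC_KEY are deliberately not matched.
SECRET_NAME_RE = re.compile(r'(SECRET|PRIVATE|PASSWORD|TOKEN|API_?KEY)', re.I)
# Values that are clearly not live credentials.
PLACEHOLDER_RE = re.compile(r'^(|null|changeme|todo|your[_-].*|<.*>)$', re.I)


def find_hardcoded_secrets(java_source):
    """Return (line_no, name, masked_value) for each suspicious String constant."""
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        if line.lstrip().startswith("//"):  # skip commented-out constants
            continue
        for name, value in CONST_RE.findall(line):
            if not SECRET_NAME_RE.search(name):
                continue
            if PLACEHOLDER_RE.match(value) or len(value) < 8:
                continue
            # Mask the value so the report itself does not leak the key.
            masked = value[:4] + "*" * (len(value) - 4)
            findings.append((line_no, name, masked))
    return findings


# Constructed sample: field names and values are invented for this example.
SAMPLE_BUILD_CONFIG = '''\
package com.example.app;

public final class BuildConfig {
  public static final boolean DEBUG = false;
  public static final String APPLICATION_ID = "com.example.app";
  public static final String UPLOAD_PUBLIC_KEY = "demopublickey0000000";
  public static final String UPLOAD_PRIVATE_KEY = "EXAMPLE-not-a-real-key-0000";
  public static final String API_BASE_URL = "https://api.example.invalid/v1";
  // public static final String OLD_SECRET = "EXAMPLE-retired-0000";
  public static final String SESSION_TOKEN = "<set-at-runtime>";
}
'''

if __name__ == "__main__":
    for line_no, name, masked in find_hardcoded_secrets(SAMPLE_BUILD_CONFIG):
        print(f'BuildConfig.java:{line_no}: {name} = "{masked}"')
```

Any finding means the key ships inside every copy of the APK; it should be rotated and moved behind a server-side endpoint rather than only removed from the source.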

Impact

Exploitation of this vulnerability could result in unauthorized file operations on the Uploadcare service, and in remote code execution if a malicious file is uploaded and processed by the server.

Added: Apr 3, 2026, 4:19 AM
Updated: Apr 3, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 5.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.