A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-5720 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2245700 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Nov 2023, 22:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2245700 - Issue Tracking, Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2023-5720 - Vendor Advisory | |
CPE | cpe:2.3:a:quarkus:quarkus:3.0.0:candidate_release1:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:3.0.0:candidate_release2:*:*:*:*:*:* cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* |
|
First Time |
Quarkus
Quarkus quarkus |
15 Nov 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-15 14:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-5720
Mitre link : CVE-2023-5720
CVE.ORG link : CVE-2023-5720
JSON object : View
Products Affected
quarkus
- quarkus
CWE