DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 | Vendor Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Jan 2024, 18:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:* cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:* cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:* |
|
CWE | CWE-532 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
First Time |
Owasp
Owasp dependency-check |
|
References | () https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 - Third Party Advisory | |
References | () https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 - Vendor Advisory | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 - Third Party Advisory |
19 Jan 2024, 22:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-23686
Mitre link : CVE-2024-23686
CVE.ORG link : CVE-2024-23686
JSON object : View
Products Affected
owasp
- dependency-check
CWE
CWE-532
Insertion of Sensitive Information into Log File