CVE-2024-23686

{"id": "CVE-2024-23686", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-01-19T22:15:08.437", "references": [{"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\n\n"}, {"lang": "es", "value": "DependencyCheck para Maven 9.0.0 a 9.0.6, para la Interfaz de L\u00ednea de Comandos (CLI) versi\u00f3n 9.0.0 a 9.0.5 y para Ant versiones 9.0.0 a 9.0.5, cuando se usa en modo de depuraci\u00f3n, permite a un atacante recuperar la clave API NVD de un archivo de registro."}], "lastModified": "2024-11-21T08:58:10.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*", "vulnerable": true, "matchCriteriaId": "4B46B595-71B8-4A55-884B-333B36B60773", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*", "vulnerable": true, "matchCriteriaId": "CB4D8662-BC31-4105-9B5A-A64C482A880E", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*", "vulnerable": true, "matchCriteriaId": "BF9CA0F5-E249-4577-BEAD-54CE438914AD", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}