Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-44483

Опубликовано: 20 окт. 2023
Источник: debian
EPSS Низкий

Описание

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxml-security-javaunfixedpackage
libxml-security-javano-dsatrixiepackage
libxml-security-javano-dsabookwormpackage
libxml-security-javano-dsabullseyepackage
libxml-security-javano-dsabusterpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2023/10/20/5

  • https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55

  • https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc

  • https://github.com/apache/santuario-xml-security-java/commit/c85db6be7f49815253f59902b066086a7ad5ce9a (xmlsec-2.3.4)

  • https://github.com/apache/santuario-xml-security-java/commit/18999b9dced2c736f4a8d52d0c7d1b114351c77d (xmlsec-3.0.3)

  • https://github.com/apache/santuario-xml-security-java/commit/c37a2aa5066405271e74f1c611a5a66fbf8c25d4 (xmlsec-4.0.0)

EPSS

Процентиль: 38%
0.00169
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-44483

CVSS3: 6.5
ubuntu
больше 2 лет назад

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

redhat логотип

CVE-2023-44483

CVSS3: 6.5
redhat
больше 2 лет назад

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

nvd логотип

CVE-2023-44483

CVSS3: 6.5
nvd
больше 2 лет назад

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

github логотип

GHSA-xfrj-6vvc-3xm2

CVSS3: 6.5
github
больше 2 лет назад

Apache Santuario - XML Security for Java are vulnerable to private key disclosure

fstec логотип

BDU:2023-07354

CVSS3: 6.5
fstec
больше 2 лет назад

Уязвимость платформы для обеспечения стандартов безопасности для XML-документов Apache Santuario XML Security for Java, связанная с раскрытием информации через регистрационные файлы, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 38%
0.00169
Низкий