CVE-2024-23686

Опубликовано: 19 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Ссылки

https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
Third Party Advisory
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5
Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5
Third Party Advisory
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
Third Party Advisory
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5
Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*

Версия от 9.0.0 (включая) до 9.0.5 (включая)

cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*

Версия от 9.0.0 (включая) до 9.0.5 (включая)

cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*

Версия от 9.0.0 (включая) до 9.0.6 (исключая)

EPSS

Процентиль: 71%

0.00692

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

GHSA-frxm-v7q3-v2wv