DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 | Vendor Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 | Vendor Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 - Third Party Advisory | |
References | () https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 - Vendor Advisory | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 - Third Party Advisory |
26 Jan 2024, 18:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 - Third Party Advisory | |
References | () https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 - Third Party Advisory | |
References | () https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:* cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:* cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:* |
|
CWE | CWE-532 |
19 Jan 2024, 22:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-19 22:15
Updated : 2024-11-21 08:58
NVD link : CVE-2024-23686
Mitre link : CVE-2024-23686
CVE.ORG link : CVE-2024-23686
JSON object : View
Products Affected
owasp
- dependency-check
CWE
CWE-532
Insertion of Sensitive Information into Log File