CVE-2024-23686

🗓️ 19 Jan 2024 21:12:13Reported by VulnCheckType

CVE-2024-23686: DependencyCheck for Maven 9.0.0 to 9.0.6, CLI 9.0.0 to 9.0.5, Ant 9.0.0 to 9.0.5, debug mode. NVD API Key exposur

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-23686	19 Jan 202423:21	–	circl
CNNVD	DependencyCheck Log Information Disclosure Vulnerability	19 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key	19 Jan 202421:12	–	cvelist
Github Security Blog	Insertion of Sensitive Information into Log File in OWASP DependencyCheck	20 Jan 202400:30	–	github
NVD	CVE-2024-23686	19 Jan 202422:15	–	nvd
OSV	GHSA-FRXM-V7Q3-V2WV Insertion of Sensitive Information into Log File in OWASP DependencyCheck	20 Jan 202400:30	–	osv
OSV	GHSA-QQHQ-8R2C-C3F5 nvdApiKey is logged in debug mode	15 Dec 202323:43	–	osv
Prion	Design/Logic Flaw	19 Jan 202422:15	–	prion
Positive Technologies	PT-2023-32948 · Unknown · Dependencycheck For Ant +2	15 Dec 202300:00	–	ptsecurity
RedhatCVE	CVE-2024-23686	23 May 202508:40	–	redhatcve

NVD

CNA

Node

owasp dependency-checkRange9.0.0–9.0.5ant

owasp dependency-checkRange9.0.0–9.0.5cli

owasp dependency-checkRange9.0.0–9.0.6maven

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-maven",
    "versions": [
      {
        "lessThanOrEqual": "9.0.6",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-cli",
    "versions": [
      {
        "lessThanOrEqual": "9.0.5",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-ant",
    "versions": [
      {
        "lessThanOrEqual": "9.0.5",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
github	www.github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5
github	www.github.com/advisories/GHSA-qqhq-8r2c-c3f5
vulncheck	www.vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5

29 Nov 2025 02:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.3

EPSS0.0065

SSVC

CWE-532