History: Jun 25, 2024 - 10:15 p.m.

CVE-2024-6060

2024-06-25 22:15:35
CWE-532
Sonatype
web.nvd.nist.gov
information disclosure
phloc webscopes
http requests
sensitive information

CVSS4: 9.3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: PASSIVE

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:N/U:Red/R:U/V:C/RE:M

AI Score: 5.8
Confidence: Low

EPSS: 0
Percentile: 9.1%

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "phloc-webscopes",
    "product": "Webscopes",
    "repo": "https://github.com/phlocbg/phloc-webbasics",
    "vendor": "Phloc",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "pkg:maven/com.phloc/[email protected]",
        "versionType": "purl"
      }
    ]
  }
]
