History: Jan 19, 2024 - 9:12 p.m.

CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key

2024-01-19 21:12:13
CWE-532
VulnCheck
www.cve.org
cve-2024-23686
dependencycheck
debug mode
logging
nvd api key
maven 9.0.0
cli 9.0.0
ant 9.0.0

AI Score: 5.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.8%)

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-maven",
    "versions": [
      {
        "lessThanOrEqual": "9.0.6",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-cli",
    "versions": [
      {
        "lessThanOrEqual": "9.0.5",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.owasp:dependency-check-ant",
    "versions": [
      {
        "lessThanOrEqual": "9.0.5",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "maven"
      }
    ]
  }
]
