Lucene search
GitHub_MCVELIST:CVE-2024-38516HistoryJun 25, 2024 - 8:08 p.m.
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-2520:08:50
CWE-1295
GitHub_M
www.cve.org
4
aimeos e-commerce client
sensitive information
debug information
environment variables
error log
patched versions
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
CNA Affected
[
{
"vendor": "aimeos",
"product": "ai-client-html",
"versions": [
{
"version": ">= 2024.04.1, < 2024.04.7",
"status": "affected"
},
{
"version": ">= 2023.04.1, < 2023.10.15",
"status": "affected"
},
{
"version": ">= 2022.04.1, < 2022.10.13",
"status": "affected"
},
{
"version": ">= 2021.10.1, < 2021.10.22",
"status": "affected"
}
]
}
]Related
osv
osv
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 17:26:56
CVE-2024-38516
2024-06-25 21:15:59
nvd
nvd
CVE-2024-38516
2024-06-25 21:15:59
cve
cve
CVE-2024-38516
2024-06-25 21:15:59
github
github
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 17:26:56
gitlab
gitlab
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 00:00:00
vulnrichment
vulnrichment
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-38516