Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-63706C482162E59589E33FA38DC5C8A6

HistoryJun 25, 2024 - 12:00 a.m.

Aimeos HTML client may potentially reveal sensitive information in error log

2024-06-2500:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

aimeos html client

sensitive information

error log

debug information

environment variables

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.1%

JSON

Debug information can reveal sensitive information from environment variables in error log

Affected configurations

Vulners

Node

packagistai-client-htmlRange2024.04.1≥

packagistai-client-htmlRange<2024.04.7

packagistai-client-htmlRange2023.04.1≥

packagistai-client-htmlRange<2023.10.15

packagistai-client-htmlRange2022.04.1≥

packagistai-client-htmlRange<2022.10.13

packagistai-client-htmlRange2021.10.1≥

packagistai-client-htmlRange<2021.10.22

VendorProductVersionCPE
packagistai-client-html*cpe:2.3:a:packagist:ai-client-html:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
packagist	ai-client-html	*	cpe:2.3:a:packagist:ai-client-html::::::::

References

github.com/advisories/GHSA-ppm5-jv84-2xg2

github.com/aimeos/ai-client-html

github.com/aimeos/ai-client-html/commit/bb389620ffc3cf4a2f29c11a1e5f512049e0c132

github.com/aimeos/ai-client-html/security/advisories/GHSA-ppm5-jv84-2xg2

nvd.nist.gov/vuln/detail/CVE-2024-38516

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for GITLAB-63706C482162E59589E33FA38DC5C8A6