Lucene search
HistoryJun 25, 2024 - 9:15 p.m.
CVE-2024-38516
aimeos
e-commerce
html client
sensitive information
environment variables
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.1%
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
Related
cve
cve
CVE-2024-38516
2024-06-25 21:15:59
gitlab
gitlab
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 00:00:00
github
github
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 17:26:56
osv
osv
Aimeos HTML client may potentially reveal sensitive information in error log
2024-06-25 17:26:56
CVE-2024-38516
2024-06-25 21:15:59
veracode
veracode
Information Disclosure
2024-06-26 07:13:11
cvelist
cvelist
vulnrichment
vulnrichment
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
9.1%
Related for NVD:CVE-2024-38516