Lucene search
GoogleOSV:CVE-2024-23686HistoryJan 19, 2024 - 10:15 p.m.
CVE-2024-23686
2024-01-1922:15:08
Google
osv.dev
5
cve-2024-23686
dependencycheck
maven 9.0.0
cli version 9.0.5
ant versions 9.0.0
debug mode
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
20.6%
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Related
cve
cve
CVE-2024-23686
2024-01-19 22:15:08
cvelist
cvelist
CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key
2024-01-19 21:12:13
veracode
veracode
Information Exposure
2024-01-23 17:53:43
github
github
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
2024-01-20 00:30:27
nvd
nvd
CVE-2024-23686
2024-01-19 22:15:08
prion
prion
Design/Logic Flaw
2024-01-19 22:15:00
osv
osv
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
2024-01-20 00:30:27
nvdApiKey is logged in debug mode
2023-12-15 23:43:30
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
20.6%
Related for OSV:CVE-2024-23686