Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/01 7:39 a.m.23 views

Security Bulletin: IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460

Summary IBM Maximo Application Suite uses firestore-4.15.1.tgz which is vulnerable to CVE-2023-6460. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-6460 DESCRIPTION: Google APIs nodejs-firestore could allow a local authenticate...

5.5CVSS4.4AI score0.00121EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2023/12/04 3:31 p.m.5 views

@01ht/ht-api-helper-functions (>=1.0.0 <=1.0.2), @1amageek/document-propagator (>=0.1.0 <=0.10.0) +1670 more potentially affected by CVE-2023-6460 via @google-cloud/firestore (>=0.10.2 <=5.0.2)

@google-cloud/firestore NPM version =0.10.2, =1.0.0, =0.1.0, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =0.0.5, =0.0.1, =0.1.17, =1.0.0, =1.0.5, =1.0.6 - @aeyrium/faa-parser =1.0.3 and more Source cves: CVE-2023-6460 Source advisory: OSV:GHSA-4G6Q-77J7-VVJC...

5.5CVSS6AI score0.00121EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/12/04 1:15 p.m.8 views

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this.settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this...

5.5CVSS6AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2023/12/04 12:26 p.m.72 views

CVE-2023-6460

CVE-2023-6460 affects Google nodejs-firestore. The issue arises from logging this._settings, which can cause leakage of the Firestore key to log files with read access. Reported across multiple sources, including NVD and OSV, with remediation guidance to upgrade to version 6.1.0 where the issue i...

5.5CVSS4.8AI score0.00121EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder