
10 matches found

RedhatCVE
added 2025/05/23 8:40 a.m. · 5 views

CVE-2024-23686

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5.3 · AI score 5.3 · EPSS 0.0065
Exploits 0 · References 1

Veracode
added 2024/01/23 5:53 p.m. · 17 views

Information Exposure

Dependency-Check Core is vulnerable to Information Exposure Through Log Files. The vulnerability is due to the logging of sensitive information when in debug mode. An attacker with access to debug logs could potentially retrieve the NVD API Key and use it to perform arbitrary actions...

CVSS 5.3 · AI score 6.5 · EPSS 0.0065
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/01/20 12:30 a.m. · 22 views

GHSA-FRXM-V7Q3-V2WV Insertion of Sensitive Information into Log File in OWASP DependencyCheck

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5.3 · AI score 5 · EPSS 0.0065
Exploits 0 · References 5

Github Security Blog
added 2024/01/20 12:30 a.m. · 29 views

Insertion of Sensitive Information into Log File in OWASP DependencyCheck

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5.3 · AI score 5 · EPSS 0.0065
Exploits 0 · References 5 · Affected Software 3

Prion
added 2024/01/19 10:15 p.m. · 14 views

Design/Logic Flaw

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

CVSS 5 · AI score 6.9 · EPSS 0.0065
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/01/19 9:12 p.m. · 13 views

CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

AI score 5.4 · EPSS 0.0065
Exploits 0 · References 3

Vulnrichment
added 2024/01/19 9:12 p.m. · 2 views

CVE-2024-23686 DependencyCheck Debug Mode Logging of NVD API Key

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file...

AI score 5.2 · EPSS 0.0065
Exploits 0 · References 3

Veracode
added 2023/12/18 7:21 a.m. · 12 views

Information Disclosure

org.owasp/dependency-check is vulnerable to Information Disclosure. The vulnerability is due to the nvdApiKey not being masked because it doesn't match the specified patterns. As a result, when debug mode is enabled using mvn -X, the API key is logged in clear text. This exposes the NVD API key...

AI score 6.9
Exploits 0

Github Security Blog
added 2023/12/15 11:43 p.m. · 58 views

nvdApiKey is logged in debug mode

Summary: The value of nvdApiKey configuration parameter is logged in clear text in debug mode. Details: The NVD API key is a kind of secret and should be treated like other secrets when logging in debug mode. Expecting the same behavior as for several password configurations: just print Note that...

AI score 7.1
Exploits 0 · References 2 · Affected Software 3

Positive Technologies
added 2023/12/15 12:0 a.m. · 4 views

PT-2023-32948 · Unknown · Dependencycheck For Ant +2

Name of the Vulnerable Software and Affected Versions: DependencyCheck for Maven versions 9.0.0 through 9.0.6; DependencyCheck for CLI versions 9.0.0 through 9.0.5; DependencyCheck for Ant versions 9.0.0 through 9.0.5. Description: The issue allows an attacker to recover the NVD API Key from a log...

CVSS 5.3 · AI score 5 · EPSS 0.0065
Exploits 0 · References 11