2 matches found
CVE-2022-39351
CVE-2022-39351 affects Dependency-Track prior to v4.6.0, where an API request using a valid API key with insufficient permissions could cause the API key to be written in clear text to the audit log. This enables an attacker with audit log access to obtain valid keys. The issue is fixed in v4.6.0...
CVE-2019-1020007
Dependency-Track (before version 3.5.1) is affected by CVE-2019-1020007, a cross-site scripting (XSS) vulnerability. The connected documents confirm XSS but do not provide details on root cause, exploit specifics, or a listed fix within the provided data.