Lucene search
Veracode Vulnerability DatabaseVERACODE:44249HistoryNov 13, 2023 - 8:57 a.m.
Insertion Of Sensitive Information Into Log File
2023-11-1308:57:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
sensitive information
log file
http api
bearer token
info-level logs
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
36.0%
github.com/juanfont/headscale is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due the HTTP api writting the whole bearer token to info-level logs.
Related
cvelist
cvelist
CVE-2023-47390
2023-11-11 00:00:00
osv
osv
Headscale writes bearer tokens to info-level logs
2023-11-11 18:30:25
CVE-2023-47390
2023-11-11 18:15:14
github
github
Headscale writes bearer tokens to info-level logs
2023-11-11 18:30:25
vulnrichment
vulnrichment
CVE-2023-47390
2023-11-11 00:00:00
prion
prion
Design/Logic Flaw
2023-11-11 18:15:00
cve
cve
CVE-2023-47390
2023-11-11 18:15:14
nvd
nvd
CVE-2023-47390
2023-11-11 18:15:14
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
Low
EPSS
0.001
Percentile
36.0%
Related for VERACODE:44249