Lucene search
SonatypeVULNRICHMENT:CVE-2024-6060HistoryJun 25, 2024 - 9:36 p.m.
CVE-2024-6060
2024-06-2521:36:33
CWE-532
Sonatype
github.com
3
vulnerability
phloc webscopes
information disclosure
local attackers
log files
http requests
user passwords
sensitive information
CVSS4
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
PASSIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:N/U:Red/R:U/V:C/RE:M
AI Score
6.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"vendor": "phloc",
"product": "webscopes",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"vendor": "phloc",
"product": "webscopes",
"versions": [
{
"status": "affected",
"version": "pkg:maven/com.phloc/[email protected]"
}
],
"defaultStatus": "unknown"
}
]Related
veracode
veracode
Insertion Of Sensitive Information Into Log File.
2024-07-04 07:10:38
nvd
nvd
CVE-2024-6060
2024-06-25 22:15:35
cvelist
cvelist
CVE-2024-6060
2024-06-25 21:36:33
cve
cve
CVE-2024-6060
2024-06-25 22:15:35
CVSS4
9.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
PASSIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:N/U:Red/R:U/V:C/RE:M
AI Score
6.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-6060