Home > Vulnerability Database > CVE-2022-24875

Mend.io Vulnerability Database

CVE-2022-24875

Date: April 21, 2022

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the "org.conroller.js" code would erroneously log user secrets. This has been resolved in commit "46d98f2b" and should be available in subsequent versions of the software. Users of the software are advised to manually apply the "46d98f2b" commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate.

Language: JS

Severity Score

5.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-24875

Url: https://github.com/CVEProject/cve-services/security/advisories/GHSA-rhj9-qx37-7m2m

Url: https://github.com/CVEProject/cve-services/commit/46d98f2b1427fc6ba1c2bc443dc6688fd400f1f4

Url: https://www.mend.io/vulnerability-database/CVE-2022-24875

Severity Score

5.3

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-24875

Date: April 21, 2022

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?