CVE-2024-23686
Date: January 19, 2024
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Language: Java
Weakness Type (CWE)
Information Exposure Through Log Files
CWE-532
Top Fix
Upgrade Version
Upgrade to version org.owasp:dependency-check-maven:9.0.6, org.owasp:dependency-check-cli:9.0.6, org.owasp:dependency-check-ant:9.0.6
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |