Home > Vulnerability Database > CVE-2024-23686

Mend.io Vulnerability Database

CVE-2024-23686

Good to know:

Date: January 19, 2024

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Language: Java

Severity Score

5.3

Related Resources (5)

Url: https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5

Url: https://github.com/advisories/GHSA-qqhq-8r2c-c3f5

Url: https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23686

Url: https://www.mend.io/vulnerability-database/CVE-2024-23686

Severity Score

5.3

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version org.owasp:dependency-check-maven:9.0.6, org.owasp:dependency-check-cli:9.0.6, org.owasp:dependency-check-ant:9.0.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23686

Good to know:

Date: January 19, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?