CVE-2024-23686

medium

Description

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

References

Advisories

https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5

https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5

https://github.com/advisories/GHSA-qqhq-8r2c-c3f5

Details

Source: Mitre, NVD

Published: 2024-01-19

Updated: 2024-01-26

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N