{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23591", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-04-12T00:00:00", "dateReserved": "2023-01-15T00:00:00", "datePublished": "2023-04-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://docs.terminalfour.com/articles/release-notes-highlights/"}, {"url": "https://docs.terminalfour.com/release-notes/83/15.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "E79944D6-E8B2-4EBC-AF75-6120239DB488", "versionEndExcluding": "8.2.18.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "C308F327-0943-448E-96AA-0708C2C7BA19", "versionEndExcluding": "8.2.18.7", "versionStartIncluding": "8.2.18.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "903E401B-B503-4692-A37E-1B5E6F8B0456", "versionEndExcluding": "8.3.11.1", "versionStartIncluding": "8.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0C42AEF-3566-490F-A5BE-D3FC0A931DC1", "versionEndExcluding": "8.3.14.1", "versionStartIncluding": "8.3.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1."}], "id": "CVE-2023-23591", "lastModified": "2023-04-19T19:34:07.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-12T14:15:07.687", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://docs.terminalfour.com/articles/release-notes-highlights/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://docs.terminalfour.com/release-notes/83/15.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}