DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 | Vendor Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-01-19T21:12:13.288Z
Updated: 2024-01-19T21:12:13.288Z
Reserved: 2024-01-19T17:35:09.985Z
Link: CVE-2024-23686
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-19T22:15:08.437
Modified: 2024-01-26T18:21:02.877
Link: CVE-2024-23686
JSON object: View
Redhat Information
No data.
CWE