CVE-2024-6060 - OpenCVE

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

CVSS

No CVSS.

Vendors & Products
CPE Configurations

No data.

References

Link	Resource
https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Sonatype

Published: 2024-06-25T21:36:33.840Z

Updated: 2024-06-26T14:56:23.787Z

Reserved: 2024-06-17T13:21:32.314Z

Link: CVE-2024-6060

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-06-25T22:15:35.347

Modified: 2024-06-26T15:15:20.570

Link: CVE-2024-6060

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6060", "assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11", "state": "PUBLISHED", "assignerShortName": "Sonatype", "dateReserved": "2024-06-17T13:21:32.314Z", "datePublished": "2024-06-25T21:36:33.840Z", "dateUpdated": "2024-06-26T14:56:23.787Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "phloc-webscopes", "product": "Webscopes", "repo": "https://github.com/phlocbg/phloc-webbasics", "vendor": "Phloc", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver"}, {"status": "affected", "version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0", "versionType": "purl"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}], "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "103e4ec9-0a87-450b-af77-479448ddef11", "shortName": "Sonatype", "dateUpdated": "2024-06-26T14:56:23.787Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "phloc", "product": "webscopes", "cpes": ["cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T13:53:58.608685Z", "id": "CVE-2024-6060", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T14:00:50.810Z"}}]}}