CVE-2023-6460
CVSS V2 None
CVSS V3 None
Description
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
Overview
- CVE ID
- CVE-2023-6460
- Assigner
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-04T12:26:29.505Z
- Last Modified Date
- 2024-05-24T08:10:07.290Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/googleapis/nodejs-firestore/pull/1742 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6460 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6460 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 06:18:18 | Added to TrackCVE |