CVE-2024-23686

CVSS V2 None CVSS V3 None
Description
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.
Overview
  • CVE ID
  • CVE-2024-23686
  • Assigner
  • VulnCheck
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-01-19T21:12:13.288Z
  • Last Modified Date
  • 2024-01-19T21:12:13.288Z
Weakness Enumerations
CWE URL
CWE-532 http://cwe.mitre.org/data/definitions/532.html
References
Reference URL Reference Tags
https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5 vendor-advisory
https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 third-party-advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-23686
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23686
History
Created Old Value New Value Data Type Notes
2024-06-26 07:23:29 Added to TrackCVE