{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23686", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2024-01-19T17:35:09.985Z", "datePublished": "2024-01-19T21:12:13.288Z", "dateUpdated": "2024-08-01T23:06:25.281Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.owasp:dependency-check-maven", "versions": [{"lessThanOrEqual": "9.0.6", "status": "affected", "version": "9.0.0", "versionType": "maven"}]}, {"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.owasp:dependency-check-cli", "versions": [{"lessThanOrEqual": "9.0.5", "status": "affected", "version": "9.0.0", "versionType": "maven"}]}, {"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.owasp:dependency-check-ant", "versions": [{"lessThanOrEqual": "9.0.5", "status": "affected", "version": "9.0.0", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.</p>"}], "value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2024-01-19T21:12:13.288Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"}, {"tags": ["third-party-advisory"], "url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"}], "source": {"discovery": "INTERNAL"}, "title": "DependencyCheck Debug Mode Logging of NVD API Key"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.281Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*", "matchCriteriaId": "4B46B595-71B8-4A55-884B-333B36B60773", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*", "matchCriteriaId": "CB4D8662-BC31-4105-9B5A-A64C482A880E", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*", "matchCriteriaId": "BF9CA0F5-E249-4577-BEAD-54CE438914AD", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.\n\n"}, {"lang": "es", "value": "DependencyCheck para Maven 9.0.0 a 9.0.6, para la Interfaz de L\u00ednea de Comandos (CLI) versi\u00f3n 9.0.0 a 9.0.5 y para Ant versiones 9.0.0 a 9.0.5, cuando se usa en modo de depuraci\u00f3n, permite a un atacante recuperar la clave API NVD de un archivo de registro."}], "id": "CVE-2024-23686", "lastModified": "2024-11-21T08:58:10.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-19T22:15:08.437", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"}, {"source": "disclosure@vulncheck.com", "tags": ["Vendor Advisory"], "url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}