Vulnerability Description
DependencyCheck for Maven versions 9.0.0 to 9.0.6, CLI versions 9.0.0 to 9.0.5, and Ant versions 9.0.0 to 9.0.5, when run in debug mode, writes the NVD API key to the log file, allowing an attacker with access to that log to recover the key.
CVSS Score
MEDIUM (CVSS base score 5.3)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owasp | Dependency-Check | >= 9.0.0, <= 9.0.5 |
Related Weaknesses (CWE)
References
- https://github.com/advisories/GHSA-qqhq-8r2c-c3f5 (Third Party Advisory)
- https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c (Vendor Advisory)
- https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5 (Third Party Advisory)
FAQ
What is CVE-2024-23686?
CVE-2024-23686 is a vulnerability with a CVSS score of 5.3 (MEDIUM). DependencyCheck for Maven versions 9.0.0 to 9.0.6, CLI versions 9.0.0 to 9.0.5, and Ant versions 9.0.0 to 9.0.5, when run in debug mode, writes the NVD API key to the log file, allowing an attacker with access to that log to recover the key.
How severe is CVE-2024-23686?
CVE-2024-23686 has been rated MEDIUM with a CVSS base score of 5.3/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2024-23686?
Check the References section above for vendor advisories and patch information. Affected products include: OWASP Dependency-Check.