What is the severity of CVE-2022-24875?

CVE-2022-24875 is classified as a medium severity vulnerability due to the logging of user secrets.

How do I fix CVE-2022-24875?

You can fix CVE-2022-24875 by updating to version 1.1.2 or later of the CVE services API.

What software versions are affected by CVE-2022-24875?

CVE-2022-24875 affects versions of the CVE services API up to and including 1.1.1.

What type of information is exposed in CVE-2022-24875?

CVE-2022-24875 exposes user secrets through improper logging in the `org.controller.js` code.

Is there a public commit related to CVE-2022-24875?

Yes, the fix for CVE-2022-24875 can be found in commit `46d98f2b` on the CVEProject GitHub repository.

Vulnerability/
CVE-2022-24875

high

7.5

CWE

532

21/4/2022

3/8/2024

CVE-2022-24875: Potential Secrets being logged to disk in CVEProject/cve-services

First published: Thu Apr 21 2022(Updated: )

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Mitre CVE Services	<=1.1.1

Remedy

https://github.com/CVEProject/cve-services/commit/46d98f2b1427fc6ba1c2bc443dc6688fd400f1f4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-24875?
CVE-2022-24875 is classified as a medium severity vulnerability due to the logging of user secrets.
How do I fix CVE-2022-24875?
You can fix CVE-2022-24875 by updating to version 1.1.2 or later of the CVE services API.
What software versions are affected by CVE-2022-24875?
CVE-2022-24875 affects versions of the CVE services API up to and including 1.1.1.
What type of information is exposed in CVE-2022-24875?
CVE-2022-24875 exposes user secrets through improper logging in the `org.controller.js` code.
Is there a public commit related to CVE-2022-24875?
Yes, the fix for CVE-2022-24875 can be found in commit `46d98f2b` on the CVEProject GitHub repository.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/remedy
agent/title
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cve
canonical/mitre cve services
version/mitre cve services/1.1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.