What is the severity of CVE-2024-23686?

CVE-2024-23686 is classified as a medium severity vulnerability due to potential exposure of sensitive information.

How do I fix CVE-2024-23686?

To remediate CVE-2024-23686, upgrade to version 9.0.6 or later of the affected DependencyCheck packages.

Which versions are affected by CVE-2024-23686?

CVE-2024-23686 affects DependencyCheck for Maven versions 9.0.0 to 9.0.6, CLI versions 9.0.0 to 9.0.5, and Ant versions 9.0.0 to 9.0.5.

What does CVE-2024-23686 exploit?

CVE-2024-23686 allows an attacker to recover the NVD API Key from a log file when DependencyCheck is run in debug mode.

What are the implications of CVE-2024-23686?

The implications of CVE-2024-23686 include potential unauthorized access to the NVD API, which can lead to further exploitation.

Vulnerability/
CVE-2024-23686

medium

5.3

CWE

532

EPSS

0.052%

19/1/2024

20/1/2024

1/8/2024

CVE-2024-23686: DependencyCheck Debug Mode Logging of NVD API Key

First published: Fri Jan 19 2024(Updated: )

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Credit: disclosure@vulncheck.com disclosure@vulncheck.com

Affected Software	Affected Version	How to fix
maven/org.owasp:dependency-check-maven	>=9.0.0<9.0.6	9.0.6
maven/org.owasp:dependency-check-cli	>=9.0.0<9.0.6	9.0.6
maven/org.owasp:dependency-check-ant	>=9.0.0<9.0.6	9.0.6
OWASP Dependency-Check	>=9.0.0<=9.0.5
OWASP Dependency-Check	>=9.0.0<=9.0.5
OWASP Dependency-Check	>=9.0.0<9.0.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-23686?
CVE-2024-23686 is classified as a medium severity vulnerability due to potential exposure of sensitive information.
How do I fix CVE-2024-23686?
To remediate CVE-2024-23686, upgrade to version 9.0.6 or later of the affected DependencyCheck packages.
Which versions are affected by CVE-2024-23686?
CVE-2024-23686 affects DependencyCheck for Maven versions 9.0.0 to 9.0.6, CLI versions 9.0.0 to 9.0.5, and Ant versions 9.0.0 to 9.0.5.
What does CVE-2024-23686 exploit?
CVE-2024-23686 allows an attacker to recover the NVD API Key from a log file when DependencyCheck is run in debug mode.
What are the implications of CVE-2024-23686?
The implications of CVE-2024-23686 include potential unauthorized access to the NVD API, which can lead to further exploitation.

agent/weakness
agent/title
agent/description
agent/type
agent/first-publish-date
agent/references
agent/author
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/severity
collector/nvd-cve
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-frxm-v7q3-v2wv
alias/CVE-2024-23686
collector/github-advisory
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
agent/source
vendor/owasp
canonical/owasp dependency-check
version/owasp dependency-check/9.0.0
version/owasp dependency-check/9.0.5
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.