First published: Mon Oct 23 2023(Updated: )
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain. An attacker could use this flaw to access potentially sensitive information from the build system from within the application. This affects versions 3.0.0.CR1 and later.
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Build of Quarkus | >=3.0.0.CR1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of REDHAT-BUG-2245700 is classified as a potential information disclosure vulnerability.
To fix REDHAT-BUG-2245700, you should update to a fixed version of Red Hat Quarkus that addresses this vulnerability.
Versions from 3.0.0.CR1 onwards are affected by REDHAT-BUG-2245700.
REDHAT-BUG-2245700 may expose sensitive build system information used by the application.
The vulnerability REDHAT-BUG-2245700 is associated with the Gradle plugin used in Quarkus.