CVE-2024-23686

{"id": "CVE-2024-23686", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-01-19T22:15:08.437", "references": [{"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file."}, {"lang": "es", "value": "DependencyCheck para Maven 9.0.0 a 9.0.6, para la Interfaz de L\u00ednea de Comandos (CLI) versi\u00f3n 9.0.0 a 9.0.5 y para Ant versiones 9.0.0 a 9.0.5, cuando se usa en modo de depuraci\u00f3n, permite a un atacante recuperar la clave API NVD de un archivo de registro."}], "lastModified": "2025-11-29T02:15:52.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:ant:*:*", "vulnerable": true, "matchCriteriaId": "4B46B595-71B8-4A55-884B-333B36B60773", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:cli:*:*", "vulnerable": true, "matchCriteriaId": "CB4D8662-BC31-4105-9B5A-A64C482A880E", "versionEndIncluding": "9.0.5", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:owasp:dependency-check:*:*:*:*:*:maven:*:*", "vulnerable": true, "matchCriteriaId": "BF9CA0F5-E249-4577-BEAD-54CE438914AD", "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}