CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

CVSS

No CVSS.

References

Link	Resource
https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-25 22:15

Updated : 2024-06-26 15:15

NVD link : CVE-2024-6060

Mitre link : CVE-2024-6060

CVE.ORG link : CVE-2024-6060

JSON object : View

Products Affected

No product.

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-6060", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "USER", "baseScore": 9.3, "automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-25T22:15:35.347", "references": [{"url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060", "source": "103e4ec9-0a87-450b-af77-479448ddef11"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "103e4ec9-0a87-450b-af77-479448ddef11", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Phloc Webscopes 7.0.0 permite a atacantes locales con acceso a los archivos de registro ver solicitudes HTTP registradas que contienen contrase\u00f1as de usuario u otra informaci\u00f3n confidencial."}], "lastModified": "2024-06-26T15:15:20.570", "sourceIdentifier": "103e4ec9-0a87-450b-af77-479448ddef11"}

CVE-2024-6060

JSON object

Attach tags to CVE-2024-6060

Attach tags to `CVE-2024-6060`