Cve Services
CVE-2022-24875
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software. Users of the software are advised to manually apply the 46d98f2b commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate.
AnalysisAI
The CVEProject/cve-services is an open source project used to operate the CVE services api. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-532. The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software. Users of the software are advised to manually apply the 46d98f2b commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate. Affected products include: Cve Cve-Services.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cve Services
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today