Cloud Firestore
CVE-2023-6460
MEDIUM
Severity by source
AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
AnalysisAI
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially. Rated medium severity (CVSS 4.0).
Technical ContextAI
This vulnerability is classified under CWE-922. A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue Affected products include: Google Cloud Firestore. Version information: version 6.1.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-922 – Insecure Storage of Sensitive Information
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today