Lucene search
Veracode Vulnerability DatabaseVERACODE:45263HistoryFeb 01, 2024 - 6:02 a.m.
Information Disclosure
2024-02-0106:02:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
spring cloud contract
information disclosure
vulnerability
temporary directories
guava dependency
software
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
5.1%
Spring Cloud Contract is vulnerable to Information Disclosure. The vulnerability is due to temporary directories created with insecure permissions due to the guava dependency.
Related
github
github
Spring Cloud Contract vulnerable to local information disclosure
2024-01-31 09:30:18
osv
osv
Spring Cloud Contract vulnerable to local information disclosure
2024-01-31 09:30:18
CVE-2024-22236
2024-01-31 07:15:07
prion
prion
Information disclosure
2024-01-31 07:15:00
cvelist
cvelist
CVE-2024-22236
2024-01-31 06:54:51
vulnrichment
vulnrichment
CVE-2024-22236
2024-01-31 06:54:51
nvd
nvd
CVE-2024-22236
2024-01-31 07:15:07
cve
cve
CVE-2024-22236
2024-01-31 07:15:07
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for VERACODE:45263