vulnrichment | Sonatype | VULNRICHMENT:CVE-2024-6060
History: Jun 25, 2024 - 9:36 p.m.

CVE-2024-6060

2024-06-25 21:36:33
CWE-532
Sonatype
github.com
vulnerability
phloc webscopes
information disclosure
local attackers
log files
http requests
user passwords
sensitive information

CVSS4: 9.3 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: PASSIVE
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:N/U:Red/R:U/V:C/RE:M

AI Score: 6.1 Medium
Confidence: Low

EPSS: 0.0004 Low
Percentile: 9.2%

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

CNA Affected

[
  {
    "repo": "https://github.com/phlocbg/phloc-webbasics",
    "vendor": "Phloc",
    "product": "Webscopes",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0",
        "versionType": "purl"
      }
    ],
    "packageName": "phloc-webscopes",
    "defaultStatus": "unaffected"
  }
]
