CVE-2023-31056 CRITICAL

CVE-2023-31056

Vendor N/A

Product n/a

Published April 24, 2023

Last update February 4, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N

What the vulnerability does

01Description

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.

Key dates

02Disclosure timeline

April 24, 2023 CVE published

February 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-31056