CVE-2023-5720 HIGH

CVE-2023-5720: Quarkus: build env information disclosure via gradle plugin

Vendor N/A
Product gradle-plugin
Weakness CWE-526
Published November 15, 2023
Last update August 2, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

Key dates

02Disclosure timeline

November 15, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE