CVE-2023-6460 MEDIUM

CVE-2023-6460: Information leak in nodejs-firestore

Vendor: Google
Product: nodejs-firestore
Weakness: CWE-922
Published: December 4, 2023
Last update: May 7, 2026

CVSS base score

4.0/10
Attack vector: Local
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

Description

nodejs-firestore can potentially log the Firestore key through its logging. Developers who were logging objects through this._settings would be logging the Firestore key as well, potentially exposing it to anyone with read access to the logs. We recommend upgrading to version 6.1.0 to avoid this issue.
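
One way to keep a key like this out of application logs, as an added example that is not code from nodejs-firestore or from this advisory: redact secret fields from a settings object before logging it, and check existing log lines for PEM private-key markers. The settings shape, the key-name list and the helper names are assumptions, and the sample key is a constructed placeholder.

```javascript
// Added example; not nodejs-firestore code. Key names below are an assumed list.
const SECRET_KEYS = new Set(['private_key', 'privatekey', 'private_key_id']);

// Return a redacted deep copy of a plain config object, safe to pass to a logger.
function redactForLog(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]'; // object that contains itself
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => redactForLog(v, ancestors));
  } else {
    out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SECRET_KEYS.has(k.toLowerCase()) ? '[REDACTED]' : redactForLog(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Detection side: flag log lines that already contain PEM private-key material.
function containsPrivateKey(line) {
  return /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/.test(line);
}

// Constructed sample settings (assumed shape); the key is a fake placeholder.
const sampleSettings = {
  projectId: 'example-project',
  credentials: {
    client_email: 'svc@example.invalid',
    private_key: '-----BEGIN PRIVATE KEY-----\nFAKE-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n',
  },
};

// Logging the raw object puts the key in the log line; the redacted copy does not.
const unsafeLine = 'settings: ' + JSON.stringify(sampleSettings);
const safeLine = 'settings: ' + JSON.stringify(redactForLog(sampleSettings));

console.log('raw line leaks key:', containsPrivateKey(unsafeLine));
console.log('redacted line leaks key:', containsPrivateKey(safeLine));
console.log(safeLine);
```

Running `containsPrivateKey` over historical log lines helps decide whether a key was already written to logs and needs rotating.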

Key dates

Disclosure timeline

December 4, 2023: CVE published
May 7, 2026: Record updated