CVE-2024-23686

CVE-2024-23686: DependencyCheck Debug Mode Logging of NVD API Key

Weakness CWE-532 · Sensitive info in logs
Published January 19, 2024
Last update November 29, 2025

CVSS base score

What the vulnerability does

01Description

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

Key dates

02Disclosure timeline

January 19, 2024 CVE published
November 29, 2025 Record updated

Related vulnerabilities

04Related CVE