9.1

CVE-2023-31056

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CloverdxCloverdx Version >= 5.14.0 <= 5.14.3
CloverdxCloverdx Version >= 5.15.0 <= 5.15.3
CloverdxCloverdx Version >= 5.17.0 < 5.17.3
CloverdxCloverdx Version5.16.0
CloverdxCloverdx Version5.16.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.391
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cve@mitre.org 9.1 2.3 6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.