CVE-2023-5720

HIGH 7.7

Quarkus: build env information disclosure via gradle plugin

CVSS Score

7.7

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

CWE	CWE-526
Vendor	n/a
Product	gradle-plugin
Published	Nov 15, 2023
Last Updated	Aug 2, 2024

Stay Ahead of the Next One

Get instant alerts for n/a gradle-plugin

Be the first to know when new high vulnerabilities affecting n/a gradle-plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

n/a / gradle-plugin

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-5720 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2245700

Credits

Red Hat would like to thank The Gradle Engineering Team for reporting this issue.