SB2022101180 - Inclusion of Sensitive Information in Log Files in dependency-track
Published: October 11, 2022 Updated: April 23, 2026
Security Bulletin ID
SB2022101180
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-39351)
The vulnerability allows a local privileged user to disclose sensitive information.
The vulnerability exists due to insertion of sensitive information into log files in the authorization filter audit logging functionality when handling API requests with a valid API key that has insufficient permissions. A local privileged user can submit an API request with such an API key to disclose sensitive information.
Audit logs may be written to log files and standard output.
Remediation
Install update from vendor's website.