Inclusion of Sensitive Information in Log Files in nodejs-firestore - CVE-2023-6460

 


Published: April 22, 2024


Vulnerability identifier: #VU88868
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-6460
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: nodejs-firestore
Software vendor: Google APIs

Description

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists because the software writes sensitive information to log files. A local privileged user can exploit this vulnerability to obtain the Firestore key information and use it to launch further attacks against the affected system.


Remediation

Install updates from the vendor's website.
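
A check to run over existing application logs once the update is installed, to see whether key material already reached them (an added example, not code from this advisory or from nodejs-firestore). It assumes the key shows up in the form of a Google service-account credential, that is a `private_key` field or a PEM private key block; the advisory does not say which form is logged, and `redact`, `scanLog` and the sample log are constructed for illustration.

```javascript
// Added example: locate and redact service-account key material in log text.
// Assumption: the key appears as a "private_key" field and/or a PEM block.
const PEM_BLOCK =
  /-----BEGIN (?:RSA )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA )?PRIVATE KEY-----/g;
// key name, optional quotes, ':' or '=', then a quoted value with escapes
const KEY_FIELD = /(["']?private_key["']?\s*[:=]\s*)(["'])(?:\\.|(?!\2).)*\2/g;

// Replace key material with markers. The number of lines is preserved so
// that findings can be reported by their original line number.
function redact(text) {
  return text
    .replace(KEY_FIELD, '$1$2[REDACTED]$2')
    .replace(PEM_BLOCK, (m) =>
      m.split('\n').map(() => '[REDACTED PEM LINE]').join('\n'));
}

// Report affected lines without echoing the secret itself.
function scanLog(text) {
  const before = text.split('\n');
  return redact(text)
    .split('\n')
    .map((redacted, i) => ({ line: i + 1, redacted }))
    .filter((f, i) => f.redacted !== before[i]);
}

// Constructed sample log; PLACEHOLDER stands in for a key body.
const SAMPLE_LOG = [
  '2024-04-22T10:00:00Z INFO starting worker',
  "2024-04-22T10:00:01Z DEBUG client config { projectId: 'demo', " +
    "credentials: { client_email: 'svc@demo.example', private_key: " +
    "'-----BEGIN PRIVATE KEY-----\\nPLACEHOLDER\\n-----END PRIVATE KEY-----\\n' } }",
  '2024-04-22T10:00:02Z INFO request served in 12ms',
  '-----BEGIN PRIVATE KEY-----', // raw multi-line PEM written to the log
  'PLACEHOLDER',
  '-----END PRIVATE KEY-----',
].join('\n');

console.log(scanLog(SAMPLE_LOG));
```

A hit on any line means the key was readable by everyone with access to that log, so the key should be rotated in addition to updating the library.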
