Main Vulnerability Database Vulnerabilities #VU91686

#VU91686 Cleartext storage of sensitive information in Quarkus - CVE-2024-2700

Published: June 11, 2024

Vulnerability identifier: #VU91686

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-2700

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Quarkus

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information in an environment variable. A local user can exploit this vulnerability to obtain local configuration properties information, and use this information to launch further attacks against the affected system.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/security/cve/CVE-2024-2700
https://bugzilla.redhat.com/show_bug.cgi?id=2273281
https://access.redhat.com/errata/RHSA-2024:2705
https://access.redhat.com/errata/RHSA-2024:3527

#VU91686 Cleartext storage of sensitive information in Quarkus - CVE-2024-2700

Description

Remediation

External links

Please verify you're human