CVE-2023-5720 – io.quarkus:quarkus-project
Package
Manager: maven
Name: io.quarkus:quarkus-project
Vulnerable Version: >=3.0.0.cr1 <=3.5.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
EPSS: 0.01864 (percentile: 0.8236)
Details
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain.
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
Metadata
Created: 2023-11-15T15:30:21Z
Modified: 2023-11-15T17:54:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-p62q-5483-h57v/GHSA-p62q-5483-h57v.json
CWE IDs: ["CWE-526"]
Alternative ID: GHSA-p62q-5483-h57v
Finding: F067
Auto approve: 1