cve/2024/CVE-2024-23686.md

### [CVE-2024-23686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23686)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)

### Description

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

### POC

#### Reference
- https://github.com/advisories/GHSA-qqhq-8r2c-c3f5
- https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-23686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23686)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen)`

			`### Description`

			`DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.`

			`### POC`

			`#### Reference`
			`- https://github.com/advisories/GHSA-qqhq-8r2c-c3f5`
			`- https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5`

			`#### Github`
			`No PoCs found on GitHub currently.`