CVE-2022-31004

HIGH Year: 2022
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-779
View all →

Vulnerability Description

CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch.

Related Vulnerabilities

CVE-2024-36416

HIGH
CVSS:7.5(High)

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by...

CWE-7792024

CVE-2024-36072

CRITICAL
CVSS:9.8(Critical)

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server appli...

CWE-7792024

CVE-2024-36416

HIGH
CVSS:7.5(High)

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by...

CWE-7792024

CVE-2021-25420

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25421

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021

CVE-2021-25422

MEDIUM
CVSS:5.5(Medium)

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

CWE-7792021