Refine your search
1 vulnerability found for by Phloc
CVE-2024-6060 (GCVE-0-2024-6060)
Vulnerability from cvelistv5
Published
2024-06-25 21:36
Modified
2025-12-30 15:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webscopes",
"vendor": "phloc",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webscopes",
"vendor": "phloc",
"versions": [
{
"status": "affected",
"version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:53:58.608685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:47:18.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "phloc-webscopes",
"product": "Webscopes",
"repo": "https://github.com/phlocbg/phloc-webbasics",
"vendor": "Phloc",
"versions": [
{
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0",
"versionType": "purl"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."
}
],
"value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:45:14.524Z",
"orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"shortName": "Sonatype"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.sonatype.com/security-advisories/cve-2024-6060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"assignerShortName": "Sonatype",
"cveId": "CVE-2024-6060",
"datePublished": "2024-06-25T21:36:33.840Z",
"dateReserved": "2024-06-17T13:21:32.314Z",
"dateUpdated": "2025-12-30T15:45:14.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}