CVE-2024-6060 (GCVE-0-2024-6060)
Vulnerability from cvelistv5
Published
2024-06-25 21:36
Modified
2025-12-30 15:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webscopes",
"vendor": "phloc",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webscopes",
"vendor": "phloc",
"versions": [
{
"status": "affected",
"version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:53:58.608685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:47:18.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "phloc-webscopes",
"product": "Webscopes",
"repo": "https://github.com/phlocbg/phloc-webbasics",
"vendor": "Phloc",
"versions": [
{
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0",
"versionType": "purl"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."
}
],
"value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T15:45:14.524Z",
"orgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"shortName": "Sonatype"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.sonatype.com/security-advisories/cve-2024-6060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11",
"assignerShortName": "Sonatype",
"cveId": "CVE-2024-6060",
"datePublished": "2024-06-25T21:36:33.840Z",
"dateReserved": "2024-06-17T13:21:32.314Z",
"dateUpdated": "2025-12-30T15:45:14.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-6060\",\"sourceIdentifier\":\"103e4ec9-0a87-450b-af77-479448ddef11\",\"published\":\"2024-06-25T22:15:35.347\",\"lastModified\":\"2025-12-30T16:15:41.187\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Phloc Webscopes 7.0.0 permite a atacantes locales con acceso a los archivos de registro ver solicitudes HTTP registradas que contienen contrase\u00f1as de usuario u otra informaci\u00f3n confidencial.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"103e4ec9-0a87-450b-af77-479448ddef11\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"RED\"}}]},\"weaknesses\":[{\"source\":\"103e4ec9-0a87-450b-af77-479448ddef11\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"references\":[{\"url\":\"https://www.sonatype.com/security-advisories/cve-2024-6060\",\"source\":\"103e4ec9-0a87-450b-af77-479448ddef11\"},{\"url\":\"https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:25:03.240Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6060\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-26T13:53:58.608685Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"phloc\", \"product\": \"webscopes\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"phloc\", \"product\": \"webscopes\", \"versions\": [{\"status\": \"affected\", \"version\": \"pkg:maven/com.phloc/phloc-webscopes@7.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-26T13:56:06.288Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 9.3, \"Automatable\": \"NO\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"RED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/phlocbg/phloc-webbasics\", \"vendor\": \"Phloc\", \"product\": \"Webscopes\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"pkg:maven/com.phloc/phloc-webscopes@7.0.0\", \"versionType\": \"purl\"}], \"packageName\": \"phloc-webscopes\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.sonatype.com/security-advisories/cve-2024-6060\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"103e4ec9-0a87-450b-af77-479448ddef11\", \"shortName\": \"Sonatype\", \"dateUpdated\": \"2025-12-30T15:45:14.524Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-6060\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-30T15:45:14.524Z\", \"dateReserved\": \"2024-06-17T13:21:32.314Z\", \"assignerOrgId\": \"103e4ec9-0a87-450b-af77-479448ddef11\", \"datePublished\": \"2024-06-25T21:36:33.840Z\", \"assignerShortName\": \"Sonatype\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…