← Back

CVE-2023-23591

nvd nist
Published: Apr 12, 2023Modified: Feb 10, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.

Affected (4)

Terminalfour
1 product
Terminalfour
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Terminalfour
Terminalfour
Before 8.2.18.2.2
Terminalfour
From 8.2.18.3 to 8.2.18.7
Terminalfour
From 8.3.0 to 8.3.11.1
Terminalfour
From 8.3.12 to 8.3.14.1

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.