{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-23591", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T10:35:33.584Z", "dateReserved": "2023-01-15T00:00:00", "datePublished": "2023-04-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://docs.terminalfour.com/articles/release-notes-highlights/"}, {"url": "https://docs.terminalfour.com/release-notes/83/15.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.584Z"}, "title": "CVE Program Container", "references": [{"url": "https://docs.terminalfour.com/articles/release-notes-highlights/", "tags": ["x_transferred"]}, {"url": "https://docs.terminalfour.com/release-notes/83/15.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "E79944D6-E8B2-4EBC-AF75-6120239DB488", "versionEndExcluding": "8.2.18.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "C308F327-0943-448E-96AA-0708C2C7BA19", "versionEndExcluding": "8.2.18.7", "versionStartIncluding": "8.2.18.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "903E401B-B503-4692-A37E-1B5E6F8B0456", "versionEndExcluding": "8.3.11.1", "versionStartIncluding": "8.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:terminalfour:terminalfour:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0C42AEF-3566-490F-A5BE-D3FC0A931DC1", "versionEndExcluding": "8.3.14.1", "versionStartIncluding": "8.3.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1."}], "id": "CVE-2023-23591", "lastModified": "2023-04-19T19:34:07.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-12T14:15:07.687", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://docs.terminalfour.com/articles/release-notes-highlights/"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://docs.terminalfour.com/release-notes/83/15.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}