CVE-2024-6060 - Vulnerability Details - OpenCVE

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Phloc	Webscopes

No data.

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060

History

Wed, 18 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phloc Phloc webscopes
CPEs		cpe:2.3:a:phloc:webscopes:7.0.0:::::::*
Vendors & Products		Phloc Phloc webscopes
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Sonatype

Published: 2024-06-25T21:36:33.840Z

Updated: 2024-09-18T15:47:18.064Z

Reserved: 2024-06-17T13:21:32.314Z

Link: CVE-2024-6060

Vulnrichment

Updated: 2024-08-01T21:25:03.240Z

NVD

Status : Awaiting Analysis

Published: 2024-06-25T22:15:35.347

Modified: 2024-11-21T09:48:52.130

Link: CVE-2024-6060

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6060", "assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11", "state": "PUBLISHED", "assignerShortName": "Sonatype", "dateReserved": "2024-06-17T13:21:32.314Z", "datePublished": "2024-06-25T21:36:33.840Z", "dateUpdated": "2024-09-18T15:47:18.064Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "phloc-webscopes", "product": "Webscopes", "repo": "https://github.com/phlocbg/phloc-webbasics", "vendor": "Phloc", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver"}, {"status": "affected", "version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0", "versionType": "purl"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}], "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "103e4ec9-0a87-450b-af77-479448ddef11", "shortName": "Sonatype", "dateUpdated": "2024-06-26T14:56:23.787Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "phloc", "product": "webscopes", "cpes": ["cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected"}]}, {"vendor": "phloc", "product": "webscopes", "cpes": ["cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T13:53:58.608685Z", "id": "CVE-2024-6060", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T15:47:18.064Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.240Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.240Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6060", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-26T13:53:58.608685Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"], "vendor": "phloc", "product": "webscopes", "versions": [{"status": "affected", "version": "7.0.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:phloc:webscopes:7.0.0:*:*:*:*:*:*:*"], "vendor": "phloc", "product": "webscopes", "versions": [{"status": "affected", "version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T13:56:06.288Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/phlocbg/phloc-webbasics", "vendor": "Phloc", "product": "Webscopes", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver"}, {"status": "affected", "version": "pkg:maven/com.phloc/phloc-webscopes@7.0.0", "versionType": "purl"}], "packageName": "phloc-webscopes", "defaultStatus": "unaffected"}], "references": [{"url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.", "supportingMedia": [{"type": "text/html", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "103e4ec9-0a87-450b-af77-479448ddef11", "shortName": "Sonatype", "dateUpdated": "2024-06-26T14:56:23.787Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6060", "state": "PUBLISHED", "dateUpdated": "2024-09-18T15:47:18.064Z", "dateReserved": "2024-06-17T13:21:32.314Z", "assignerOrgId": "103e4ec9-0a87-450b-af77-479448ddef11", "datePublished": "2024-06-25T21:36:33.840Z", "assignerShortName": "Sonatype"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Phloc Webscopes 7.0.0 permite a atacantes locales con acceso a los archivos de registro ver solicitudes HTTP registradas que contienen contrase\u00f1as de usuario u otra informaci\u00f3n confidencial."}], "id": "CVE-2024-6060", "lastModified": "2024-11-21T09:48:52.130", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "103e4ec9-0a87-450b-af77-479448ddef11", "type": "Secondary"}]}, "published": "2024-06-25T22:15:35.347", "references": [{"source": "103e4ec9-0a87-450b-af77-479448ddef11", "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sites.google.com/sonatype.com/vulnerabilities/cve-2024-6060"}], "sourceIdentifier": "103e4ec9-0a87-450b-af77-479448ddef11", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "103e4ec9-0a87-450b-af77-479448ddef11", "type": "Secondary"}]}