Impact
The vulnerability allows an attacker who can read system logs to view sensitive values that were inadvertently logged during a deployment or launch step. This results in a breach of confidential information and could reveal credentials, tokens, or other secrets stored in the logs. The weakness is a classic instance of CWE‑532, where sensitive information is logged without sufficient protection.
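The usual mitigation for this class of weakness is to mask secret values before a log record reaches any handler. The sketch below is an added example, not taken from the advisory or from the vendor's code; the logger names, property names, mask and log lines are constructed for illustration and do not reflect the product's actual log format.

```python
import io
import logging
import re

# Constructed key-name list (an assumption; extend it for your own step properties).
# The lookbehind makes matching start only at the beginning of a key.
SECRET_PAIR = re.compile(
    r"(?i)(?<![\w.\-])(?P<key>[\w.\-]*(?:password|passwd|secret|token|api[_-]?key)[\w.\-]*)"
    r"(?P<sep>\s*[=:]\s*)"
    r"(?P<val>\"[^\"]*\"|'[^']*'|[^\s,;&'\"]+)"
)
BEARER = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=\-]+")
MASK = "****"

def redact(text):
    """Mask bearer tokens and values of secret-looking key=value / key: value pairs."""
    text = BEARER.sub(lambda m: m.group(1) + " " + MASK, text)
    return SECRET_PAIR.sub(lambda m: m.group("key") + m.group("sep") + MASK, text)

class RedactingFilter(logging.Filter):
    def filter(self, record):
        # Render msg % args first so secrets passed as parameters are masked too.
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

# Constructed deployment-step messages; every name and value here is made up.
SAMPLE = [
    ("Running step %s with db.user=%s db.password=%s",
     ("deploy-app", "svc_deploy", "Examp1e-Pw!")),
    ("curl -H 'Authorization: Bearer %s' https://repo.example.invalid/artifact",
     ("c29tZS10b2tlbg",)),
    ("Step finished: exit_code=0", ()),
]

def run_step_logging(lines, hardened):
    """Log the given lines and return exactly what reached the log sink."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    if hardened:
        handler.addFilter(RedactingFilter())  # attach to every handler in real use
    log = logging.getLogger("deploy.step.hardened" if hardened else "deploy.step.plain")
    log.setLevel(logging.INFO)
    log.propagate = False
    log.addHandler(handler)
    try:
        for msg, args in lines:
            log.info(msg, *args)
    finally:
        log.removeHandler(handler)
    return buf.getvalue()
```

Pattern-based masking only catches the key names it knows about and does not parse JSON or tracebacks, so it complements, rather than replaces, marking properties as secret at the source and restricting read access to the logs.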
Affected Systems
The affected product is HCL DevOps Deploy / HCL Launch from HCLSoftware. No specific version details are provided, so any installation of the product that logs sensitive data during deployment may be vulnerable.
Risk and Exploitability
With a CVSS score of 4.3, the risk is moderate. No EPSS score is available, so the probability of exploitation is unclear. The vulnerability is not listed in the CISA KEV catalog. An attacker must have read access to the logs, which typically requires local or elevated privileges, although remote compromise of the logging infrastructure could also provide the necessary access. Once obtained, the disclosed data could be used for privilege escalation, credential theft, or further attacks against downstream systems.