CVE-2023-28441
8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Summary
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| invernyx | smartcars-3-bugs | < 0.5.9 | affected |
Weaknesses
- CWE-532: CWE-532: Insertion of Sensitive Information into Log File
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.