CVE-2023-6460
4
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nodejs-firestore | 0 < 6.1.0 | affected |
Weaknesses
- CWE-922: CWE-922 Insecure Storage of Sensitive Information
ADP Enrichment
CVE Program Container
Additional References
References
- https://github.com/googleapis/nodejs-firestore/pull/1742
- https://bughunters.google.com/reports/vrp/KNvgo1Wij
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.