CVE-2023-5720

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

Published: Nov 15, 2023
Updated: May 9, 2024
CVE: CVE-2023-5720
GHSA: GHSA-p62q-5483-h57v
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-526

Affected Software
References

Software	From	Fixed in
io.quarkus / quarkus-project	3.0.0.CR1	3.5.1.x
quarkus / quarkus	3.0.0-candidate_release1	3.0.0-candidate_release1.x
quarkus / quarkus	3.0.0-candidate_release2	3.0.0-candidate_release2.x
quarkus / quarkus	3.0.1	3.2.8

https://access.redhat.com/security/cve/CVE-2023-5720
https://bugzilla.redhat.com/show_bug.cgi?id=2245700

Vulnerability Database

289,599

CVE-2023-5720