PT-2023-32673 · Unknown · Nodejs-Firestore

Abhishek Mathur

Publicado

2023-12-04

Atualizado

2026-05-07

CVE-2023-6460

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions nodejs-firestore versions prior to 6.1.0

Description A potential logging issue exists within nodejs-firestore, where developers logging objects through this. settings may inadvertently log the firestore key, potentially exposing it to anyone with logs read access.

Recommendations For versions prior to 6.1.0, upgrade to version 6.1.0 to avoid this issue. As a temporary workaround, consider avoiding the logging of objects through this. settings to minimize the risk of exposing the firestore key.

Correção

Insecure Storage of Sensitive Information

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-922CWE-532

Identificadores relacionados

CVE-2023-6460

GHSA-4G6Q-77J7-VVJC

Produtos afetados

Nodejs-Firestore

PT-2023-32673 · Unknown · Nodejs-Firestore

CVE-2023-6460

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12