CVE-2023-6460

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions nodejs-firestore versions prior to 6.1.0

Description A potential logging issue exists within nodejs-firestore, where developers logging objects through this. settings may inadvertently log the firestore key, potentially exposing it to anyone with logs read access.

Recommendations For versions prior to 6.1.0, upgrade to version 6.1.0 to avoid this issue. As a temporary workaround, consider avoiding the logging of objects through this. settings to minimize the risk of exposing the firestore key.

Fix

Insecure Storage of Sensitive Information

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922CWE-532

Related Identifiers

CVE-2023-6460

GHSA-4G6Q-77J7-VVJC

Affected Products

Nodejs-Firestore

CVE-2023-6460

Weakness Enumeration

Related Identifiers

Affected Products

References · 12