← Back to CVEs
CVE-2023-6460
MEDIUM4.0
Description
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue
CVE Details
CVSS v3.1 Score4.0
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredHIGH
User InteractionREQUIRED
Published12/4/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
google:cloud_firestore
Weaknesses (CWE)
CWE-922CWE-532
References
https://github.com/googleapis/nodejs-firestore/pull/1742(cve-coordination@google.com)
https://github.com/googleapis/nodejs-firestore/pull/1742(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.