CVE-2023-44483

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-44483

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44483.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-44483

Aliases

GHSA-xfrj-6vvc-3xm2

Downstream

DEBIAN-CVE-2023-44483

OESA-2025-2380

OESA-2025-2381

OESA-2025-2382

OESA-2025-2383

OESA-2025-2384

OESA-2025-2385

RHSA-2024:0710

RHSA-2024:0711

RHSA-2024:0712

RHSA-2024:0798

RHSA-2024:0799

RHSA-2024:0800

UBUNTU-CVE-2023-44483

Related

Published

2023-10-20T10:15:12Z

Modified

2025-10-21T13:27:05.596046Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

References

Affected packages

Git / github.com/apache/santuario-xml-security-java

Affected ranges

Type: GIT
Repo: https://github.com/apache/santuario-xml-security-java
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a6fdd4a275fdf6b50fb5c0a8edef5be7c6e7347c

Affected versions

xmlsec-2.*

xmlsec-2.2.0

xmlsec-2.2.1

xmlsec-2.2.2

xmlsec-2.2.3

xmlsec-2.2.4

xmlsec-2.2.5