CVE-2023-5720

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-5720
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5720.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5720
Aliases
Published
2023-11-15T14:15:07.900Z
Modified
2026-04-10T05:07:10.170295Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

References

Affected packages

Git / github.com/quarkusio/quarkus

Affected ranges

Type
GIT
Repo
https://github.com/quarkusio/quarkus
Events
Introduced
eef6e01e5d356c31d90af160b91ff08db32d533f
Fixed
36e8caf2be4cca8ca8759ca30a2bab8d5d35ab63
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
97d47cb560b038712fc0e4310435b7b70f6c4303
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
259c5b1852d563b3edd1fd3df18bf152ca087d42
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.1"
        },
        {
            "fixed": "3.2.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-candidate_release1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0-candidate_release2"
        }
    ]
}

Affected versions

3.*
3.0.0.CR1
3.0.0.CR2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5720.json"