CVE-2023-5720: Quarkus: build env information disclosure via gradle plugin

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-5720

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Quarkus: build env information disclosure via gradle plugin

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过环境变量导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Quarkus 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Quarkus是一个用于编写 Java 应用程序的云原生 (Linux) 容器优先框架。 Quarkus存在安全漏洞，该漏洞源于没有正确清理使用Gradle插件创建的工件，从而允许保留某些构建系统信息，允许攻击者从应用程序内的构建系统访问潜在的敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	gradle-plugin	-	-

II. Public POCs for CVE-2023-5720

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/miguelc49/CVE-2023-5720-2	POC Details
2	None	https://github.com/miguelc49/CVE-2023-5720-1	POC Details
3	None	https://github.com/miguelc49/CVE-2023-5720-3	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-5720

Please Login to view more intelligence information

https://access.redhat.com/security/cve/CVE-2023-5720vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245700issue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-5720

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-526

V. Comments for CVE-2023-5720

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-5720

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-5720

III. Intelligence Information for CVE-2023-5720

IV. Related Vulnerabilities

V. Comments for CVE-2023-5720

Leave a comment