CVE Vulnerabilities

CVE-2023-6460

Insecure Storage of Sensitive Information

Published: Dec 04, 2023 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Weakness

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Affected Software

Name Vendor Start Version End Version
Cloud_firestore Google * 6.1.0 (excluding)

References