CVE-2023-6460
04.12.2023, 13:15
nodejs-firestore could log the Firestore key: developers who were logging objects through this._settings would be logging the Firestore key as well, potentially exposing it to anyone with read access to the logs. We recommend upgrading to version 6.1.0 to avoid this issue.
Vendor | Product | Version |
---|---|---|
 | cloud_firestore | 𝑥 < 6.1.0 |

𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-922 - Insecure Storage of Sensitive Information: The software stores sensitive information without properly limiting read or write access by unauthorized actors.
- CWE-532 - Insertion of Sensitive Information into Log File: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.