cvedb.io
CVE-2022-24875
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-04-21T18:15:08.767 · Last modified 2026-06-17T04:32:42.517

Summary

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the `org.conroller.js` code would erroneously log user secrets. This has been resolved in commit `46d98f2b` and should be available in subsequent versions of the software. Users of the software are advised to manually apply the `46d98f2b` commit or to update when a new version becomes available. As a workaround users should inspect their logs and remove logged secrets as appropriate.

Affected products

cve — cve-services

Does this affect you?

Add your gear to cvedb and we'll alert you only when cve ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.