Cleartext Password in Server Logs Due to Accidental Password Value Assignment
CVE-2023-52723

7.1 HIGH

Key Information:

Vendor: KDE

Status
Vendor
CVE Published: 29 April 2024

What is CVE-2023-52723?

A security flaw in KDE's libksieve component allows the inadvertent logging of cleartext passwords due to a misassignment in the session management code. This can expose sensitive user credentials in server logs, potentially compromising data integrity and privacy. Users of libksieve versions prior to 23.03.80 should update their software to mitigate this risk and safeguard their information from unauthorized access.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
