CVE-2023-5720: Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain

November 15, 2023

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

References

access.redhat.com/security/cve/CVE-2023-5720
bugzilla.redhat.com/show_bug.cgi?id=2245700
github.com/advisories/GHSA-p62q-5483-h57v
nvd.nist.gov/vuln/detail/CVE-2023-5720

Code Behaviors & Features

Detect and mitigate CVE-2023-5720 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →