CVE-2023-5720 — Quarkus does not properly sanitize artifacts created from its use of the Gradle

Description

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

How to fix CVE-2023-5720

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2023-5720 being exploited?

Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 3.0.0.CR1, <= 3.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-5720
PATCHgithub.com/quarkusio/quarkus
WEBaccess.redhat.com/security/cve/CVE-2023-5720
WEBbugzilla.redhat.com/show_bug.cgi?id=2245700