What is CVE-2023-5720?

CVE-2023-5720 is a high-severity vulnerability in Gradle-plugin, classified under CWE-526. CVSS score: 7.7/10. Published 2023-11-15.

How severe is CVE-2023-5720?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2023-5720 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gradle-plugin

CVE-2023-5720

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from…

EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

N/a Gradle-plugin

Weakness classification (CWE)

CWE-526

Public proof-of-concept exploits

References

access.redhat.com/security/cve/CVE-2023-5720 (vdb-entry, x_refsource_REDHAT)
RHBZ#2245700 (issue-tracking, x_refsource_REDHAT)

Frequently asked questions

What is CVE-2023-5720?: CVE-2023-5720 is a high-severity vulnerability in Gradle-plugin, classified under CWE-526. CVSS score: 7.7/10. Published 2023-11-15.
How severe is CVE-2023-5720?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2023-5720 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.