What is CVE-2024-34715?

CVE-2024-34715 is a low-severity vulnerability in Ethyca Fides, classified under Insertion of Sensitive Information into Log File. CVSS score: 2.3/10. Published 2024-05-29.

How severe is CVE-2024-34715?

Low severity. CVSS v3 base score is 2.3 out of 10.

Information disclosure in Ethyca Fides

CVE-2024-34715

Fides is an open-source privacy engineering platform. The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection…

EPSS: 0.001 (27.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ethyca Fides — versions < 2.37.0

Weakness classification (CWE)

References

https://github.com/ethyca/fides/security/advisories/GHSA-8cm5-jfj2-26q7 (x_refsource_CONFIRM)
https://github.com/ethyca/fides/commit/6ab37b1ffe2b1a3bd35b706a82f78e061086141c (x_refsource_MISC)
https://docs.sqlalchemy.org/en/14/core/engines.html#escaping-special-characters-such-as-signs-in-passwords (x_refsource_MISC)
https://github.com/sqlalchemy/sqlalchemy/discussions/6615 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-34715?: CVE-2024-34715 is a low-severity vulnerability in Ethyca Fides, classified under Insertion of Sensitive Information into Log File. CVSS score: 2.3/10. Published 2024-05-29.
How severe is CVE-2024-34715?: Low severity. CVSS v3 base score is 2.3 out of 10.