CVE-2023-44483

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-44483
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44483.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-44483
Aliases
Downstream
Related
Published
2023-10-20T09:23:53.483Z
Modified
2026-05-08T12:27:35.996652Z
Summary
Apache Santuario: Private Key disclosure in debug-log output
Details

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

Database specific 
{
    "cna_assigner": "apache",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/44xxx/CVE-2023-44483.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.2"
                },
                {
                    "fixed": "2.2.6"
                },
                {
                    "introduced": "2.3"
                },
                {
                    "fixed": "2.3.4"
                },
                {
                    "introduced": "3.0"
                },
                {
                    "fixed": "3.0.3"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-532"
    ]
}
References

Affected packages

Git / github.com/apache/santuario-xml-security-java

Affected ranges

Type
GIT
Repo
https://github.com/apache/santuario-xml-security-java
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a6fdd4a275fdf6b50fb5c0a8edef5be7c6e7347c
Introduced
b92648414cb50f3e77f606a690774584be4b5c40
Fixed
35dd89216450f35a4bb6b91a0984901a6907b1af
Introduced
67e8f17e0e4ac6d89d8da3f33586b79fef3b6056
Fixed
5f867879e31f2e993d47da226bc30af9731bdfb6
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.6"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "fixed": "2.3.4"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.3"
        }
    ]
}

Affected versions

xmlsec-2.*
xmlsec-2.2.0
xmlsec-2.2.1
xmlsec-2.2.2
xmlsec-2.2.3
xmlsec-2.2.4
xmlsec-2.2.5
xmlsec-2.3.0
xmlsec-2.3.1
xmlsec-2.3.2
xmlsec-2.3.3
xmlsec-3.*
xmlsec-3.0.0
xmlsec-3.0.1
xmlsec-3.0.2

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-44483.json"