Insertion of Sensitive Information Into Debugging Code

CVE-2024-7569

High

9.6/10

Summary

An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-215 - Insertion of Sensitive Information Into Debugging Code

The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production.

References

Advisory Timeline

Published Aug 13, 2024

Insertion of Sensitive Information Into Debugging Code

CVE-2024-7569

Summary

CWE-215 - Insertion of Sensitive Information Into Debugging Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS