cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-47197,https://securityvulnerability.io/vulnerability/CVE-2024-47197,Unintended Publishing of Sensitive Information in Maven Artifact,"A vulnerability has been identified in the Maven Archetype Plugin, where sensitive information may be exposed to unauthorized actors due to insecure storage practices. Specifically, the plugin creates an 'archetype-settings.xml' file under './target/classes/archetype-it/' during integration testing. This file inadvertently includes the complete contents of the user's '~/.m2/settings.xml' file, which often contains sensitive data, such as user credentials. If the user subsequently executes the 'mvn verify' command without running 'mvn clean', this sensitive file can be bundled into the final artifact. As a result, developers may unintentionally publish their credentials to Maven Central or other repositories, compromising their security. It is strongly recommended to upgrade to version 3.3.0 of the Maven Archetype Plugin, which addresses this vulnerability.",Apache,Maven Archetype Plugin,7.5,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-09-26T08:01:24.486Z,0