CVE-2023-5720— Quarkus: build env information disclosure via gradle plugin

CVSS 7.7 · High EPSS 2.71% · P86 Updated Feb 26, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-5720

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Quarkus: build env information disclosure via gradle plugin

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过环境变量导致的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Quarkus 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Quarkus是一个用于编写 Java 应用程序的云原生 (Linux) 容器优先框架。 Quarkus存在安全漏洞，该漏洞源于没有正确清理使用Gradle插件创建的工件，从而允许保留某些构建系统信息，允许攻击者从应用程序内的构建系统访问潜在的敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	gradle-plugin	-	-

II. Public POCs for CVE-2023-5720

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/miguelc49/CVE-2023-5720-2	POC Details
2	None	https://github.com/miguelc49/CVE-2023-5720-1	POC Details
3	None	https://github.com/miguelc49/CVE-2023-5720-3	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-5720

请登录查看更多情报信息。

https://access.redhat.com/security/cve/CVE-2023-5720vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245700issue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2023-5720

Same Patch Batch · n/a · 2023-11-15 · 25 CVEs total

CVE-2023-48365	9.6 CRITICAL	Qlik Sense 安全漏洞
CVE-2023-34062	7.5 HIGH	VMware Reactor Netty 路径遍历漏洞
CVE-2023-48011		GPAC 安全漏洞
CVE-2023-48204		PublicCMS 安全漏洞
CVE-2023-48200		Grocy 安全漏洞
CVE-2023-48199		Grocy 安全漏洞
CVE-2023-48198		Grocy 安全漏洞
CVE-2023-48197		Grocy 安全漏洞
CVE-2023-48089		XXL-JOB 安全漏洞
CVE-2023-48088		XXL-JOB 安全漏洞
CVE-2023-48087		XXL-JOB 安全漏洞
CVE-2023-48014		GPAC 安全漏洞
CVE-2023-48013		GPAC 安全漏洞
CVE-2023-47446		PHPGurukul Pre-School Enrollment 跨站脚本漏洞
CVE-2023-47445		PHPGurukul Pre-School Enrollment 安全漏洞
CVE-2023-47444		OpenCart 安全漏洞
CVE-2023-47347		free5GC 安全漏洞
CVE-2023-47345		free5GC 安全漏洞
CVE-2023-47309		PrestaShop nkmgls 跨站脚本漏洞
CVE-2023-47308		PrestaShop 安全漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-526

V. Comments for CVE-2023-5720

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-5720— Quarkus: build env information disclosure via gradle plugin

I. Basic Information for CVE-2023-5720

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-5720

III. Intelligence Information for CVE-2023-5720

Same Patch Batch · n/a · 2023-11-15 · 25 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-5720

Leave a comment