CVE-2023-6460

MEDIUM

nodejs-firestore <6.1.0 - Info Disclosure

Title source: llm

Description

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

References (1)

[Issue Tracking, Patch] https://github.com/googleapis/nodejs-firestore/pull/1742

Scores

CVSS v3 4.0

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-532 CWE-922

Status published

Products (2)

google/cloud_firestore < 6.1.0

google-cloud/firestore 0 - 6.1.0npm

Published Dec 04, 2023

Tracked Since Feb 18, 2026