CVE-2024-47197 – Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

https://notcve.org/view.php?id=CVE-2024-47197

26 Sep 2024 — Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not wa... • https://lists.apache.org/thread/ftg81np183wnyk0kg4ks95dvgxdrof96 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •