Описание
Low severity vulnerability that affects sensu
The sensu rubygem prior to version 1.2.0 contains a CWE-522 (Insufficiently Protected Credentials) flaw that can result in sensitive configuration data (e.g. passwords) being logged in clear-text.
Users are advised to upgrade to rubygem version 1.2.1 or later.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000060
- https://github.com/sensu/sensu/issues/1804
- https://github.com/sensu/sensu/pull/1810
- https://access.redhat.com/errata/RHSA-2018:0616
- https://access.redhat.com/errata/RHSA-2018:1112
- https://access.redhat.com/errata/RHSA-2018:1606
- https://github.com/advisories/GHSA-69mv-3642-wj3w
Пакеты
sensu
< 1.2.1
1.2.1
EPSS
CVE ID
Связанные уязвимости
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e ...
EPSS