Описание
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Impact
What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Patches
Has the problem been patched? Yes, see #3589 What versions should users upgrade to?
- Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77
- No release has been created yet.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
- Be aware that
kopia repo status --jsonwill write the credentials to the output without scrubbing them. - Avoid executing
kopia repo statuswith the--jsonflag in an insecure environment where. - Avoid logging the output of the
kopia repo status --jsoncommand.
Пакеты
Наименование
github.com/kopia/kopia
go
Затронутые версииВерсия исправления
< 0.16.0
0.16.0
2 Low
CVSS3
Дефекты
CWE-200
2 Low
CVSS3
Дефекты
CWE-200