CVE-2022-29810

Опубликовано: 27 апр. 2022

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

Ссылки

https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
Patch
Third Party Advisory
https://github.com/hashicorp/go-getter/pull/348
Patch
Third Party Advisory
https://github.com/hashicorp/go-getter/releases/tag/v1.5.11
Release Notes
Third Party Advisory
https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
Patch
Third Party Advisory
https://github.com/hashicorp/go-getter/pull/348
Patch
Third Party Advisory
https://github.com/hashicorp/go-getter/releases/tag/v1.5.11
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hashicorp:go-getter:*:*:*:*:*:*:*:*

Версия до 1.5.11 (исключая)

EPSS

Процентиль: 15%

0.00051

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532

Связанные уязвимости

CVE-2022-29810

CVSS3: 5.1

redhat

больше 3 лет назад

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

CVE-2022-29810

CVSS3: 5.5

debian

больше 3 лет назад

The Hashicorp go-getter library before 1.5.11 does not redact an SSH k ...

GHSA-27rq-4943-qcwp

CVSS3: 5.5

github

больше 3 лет назад

Insertion of Sensitive Information into Log File in Hashicorp go-getter

EPSS

Процентиль: 15%

0.00051

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532