CVE-2024-41129

Опубликовано: 22 июл. 2024

Источник: nvd

CVSS3: 4.4

EPSS Низкий

Описание

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. This vulnerability is fixed in 2.15.0.

Ссылки

https://github.com/canonical/operator/commit/fea6d2072435a62170d4c01272572f1a7e916e61
https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm
https://github.com/canonical/operator/commit/fea6d2072435a62170d4c01272572f1a7e916e61
https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm

EPSS

Процентиль: 13%

0.00044

Низкий

4.4 Medium

CVSS3

Дефекты

CWE-532

Связанные уязвимости

GHSA-hcmv-jmqh-fjgm