CVE-2020-15095

Published: 07 Jul 2020
Source: redhat
CVSS3: 4.4

Description

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Mitigation

Do not pass a password to npm on the command line, so that it is not written to the logs and stdout, or use SSH instead.
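To check whether logs written before the fix already contain such a password, the scan below masks the `<password>` part of any URL in the format quoted in the description. It is an added example, not code from npm or Red Hat; the names `CRED_URL`, `redactLine` and `scanLog`, and the sample log lines and hostnames, are constructed for illustration.

```javascript
// Added example (not npm's code): find and mask passwords embedded in URLs
// of the form <protocol>://<user>:<password>@<hostname>... inside log text.
// The password group is greedy up to the last "@" before the next "/" or
// whitespace, so an unencoded "@" inside the password is masked as well.
// A raw "/" inside a password is not handled (it must be percent-encoded).
const CRED_URL = /\b([a-z][a-z0-9+.-]*:\/\/)([^\s\/:@]+):([^\s\/]+)@/gi;

// Replace only the password, keeping scheme, user and host for triage.
function redactLine(line) {
  return line.replace(CRED_URL, (_m, scheme, user) => `${scheme}${user}:***@`);
}

// Return one finding per log line that contained a URL password.
function scanLog(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    const redacted = redactLine(line);
    if (redacted !== line) findings.push({ line: i + 1, redacted });
  });
  return findings;
}

// Constructed sample lines (not real npm output; hosts are placeholders).
const SAMPLE_LOG = [
  '1 verbose cli [ "node", "npm", "install", "git+https://builduser:s3cr3t@git.example.test/org/repo.git" ]',
  '2 info using registry https://registry.example.test:8443/',
  '3 verbose fetch git+ssh://git@git.example.test:org/repo.git',
  '4 http fetch GET https://ci:p@ss@registry.example.test/pkg',
].join('\n');

for (const f of scanLog(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.redacted}`);
}
```

Lines 2 and 3 of the sample are left alone: a host with a port and an SSH URL with only a user name carry no password. Any password found this way should be treated as exposed and rotated, not just masked.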

Affected packages

| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenShift Application Runtimes | nodejs8 | Out of support scope | | |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2020:4272 | 19.10.2020 |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2021:0548 | 16.02.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | nodejs | Fixed | RHSA-2020:4903 | 04.11.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs12-nodejs | Fixed | RHSA-2020:5086 | 12.11.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs10-nodejs | Fixed | RHSA-2021:0521 | 15.02.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-nodejs12-nodejs | Fixed | RHSA-2020:5086 | 12.11.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-nodejs10-nodejs | Fixed | RHSA-2021:0521 | 15.02.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-nodejs12-nodejs | Fixed | RHSA-2020:5086 | 12.11.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-nodejs10-nodejs | Fixed | RHSA-2021:0521 | 15.02.2021 |

Additional information

Status: Moderate
Defect: CWE-532
https://bugzilla.redhat.com/show_bug.cgi?id=1856875 npm: sensitive information exposure through logs

CVSS3: 4.4 Medium

Related vulnerabilities

CVSS3: 4.4
ubuntu
about 5 years ago

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

CVSS3: 4.4
nvd
about 5 years ago

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

CVSS3: 4.4
debian
about 5 years ago

Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...

suse-cvrf
almost 5 years ago

Security update for nodejs8

suse-cvrf
almost 5 years ago

Security update for nodejs8