Lucene search

CVE-2022-23538

🗓️ 17 Jan 2023 21:11:15Reported by GitHub_MType

CVE-2022-23538: go client for Singularity Container Services (SCS) leaks HTTP Authorization header to S3

Reporter	Title	Published	Views	Family All 20
Tenable Nessus	Fedora 37 : apptainer (2023-01ff262091)	22 Feb 202300:00	–	nessus
Tenable Nessus	Fedora 36 : apptainer (2023-677d58bb20)	22 Feb 202300:00	–	nessus
AlpineLinux	CVE-2022-23538	17 Jan 202321:15	–	alpinelinux
OSV	Leaked user credentials in github.com/sylabs/scs-library-client	1 Feb 202323:23	–	osv
OSV	scs-library-client may leak user credentials to third-party service via HTTP redirect	20 Jan 202322:38	–	osv
OSV	OPENSUSE-SU-2024:12694-1 apptainer-1.1.6-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	CVE-2022-23538	17 Jan 202321:15	–	osv
OSV	OPENSUSE-SU-2024:14059-1 singularity-ce-4.1.3-1.1 on GA media	20 Jun 202400:00	–	osv
UbuntuCve	CVE-2022-23538	17 Jan 202300:00	–	ubuntucve
Debian CVE	CVE-2022-23538	17 Jan 202321:15	–	debiancve

Nvd

Vulners

Node

sylabs singularity_container_services_libraryMatch1.3.2

sylabs singularity_container_services_libraryMatch1.3.3

sylabs singularity_container_services_libraryMatch1.4.0

sylabs singularity_container_services_libraryMatch1.4.1

[
  {
    "vendor": "sylabs",
    "product": "scs-library-client",
    "versions": [
      {
        "version": "< 1.34",
        "status": "affected"
      },
      {
        "version": ">= 1.4.0, < 1.4.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2
github	www.github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
github	www.github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7
github	www.github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Jan 2023 21:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS35.2 - 7.6

EPSS0.00097

SSVC

CWE-522