Lucene search

ZoweCVE-2024-6916

HistoryJul 19, 2024 - 11:15 a.m.

CVE-2024-6916

2024-07-1911:15:04

CWE-922

Zowe

web.nvd.nist.gov

zowe cli

local

privileged

cleartext

terminal

inputs

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.3%

JSON

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the ‘–show-inputs-only’ flag.

Affected configurations

Nvd

Node

zowezowe_cli

VendorProductVersionCPE
zowezowe_clicpe:/a:zowe:zowe_cli::::

Vendor	Product	Version	CPE
zowe	zowe_cli		cpe:/a:zowe:zowe_cli::::

CNA Affected

[
  {
    "vendor": "Open Mainframe Project",
    "product": "Zowe CLI - Imperative",
    "versions": [
      {
        "version": "5.1.0",
        "status": "affected",
        "lessThan": "5.22.6",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/zowe/zowe-cli/packages/imperative

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2024-6916