CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending

🗓️ 19 Apr 2023 17:18:54Reported by GitHub_MType

AWS SDK for Rust exposes AWS credentials via TRACE-level loggin

Reporter	Title	Published	Views	Family All 17
BDU FSTEC	The vulnerability of the aws-sigv4 library for collecting, processing, and transmitting metrics allows a perpetrator to gain unauthorized access to protected information.	28 Jul 202300:00	–	bdu_fstec
Circl	CVE-2023-30610	19 Apr 202322:30	–	circl
CNNVD	AWS SDK for Rust 日志信息泄露漏洞	19 Apr 202300:00	–	cnnvd
CVE	CVE-2023-30610	19 Apr 202317:18	–	cve
EUVD	EUVD-2023-1355	3 Oct 202520:07	–	euvd
Github Security Blog	AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending	26 Apr 202316:01	–	github
NVD	CVE-2023-30610	19 Apr 202318:15	–	nvd
OSV	CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending	19 Apr 202317:18	–	osv
OSV	GHSA-MJV9-VP6W-3RC9 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending	26 Apr 202316:01	–	osv
OSV	RUSTSEC-2023-0125 Logs AWS credentials when TRACE-level logging is enabled	19 Apr 202312:00	–	osv

[
  {
    "vendor": "awslabs",
    "product": "aws-sdk-rust",
    "versions": [
      {
        "version": ">= 0.2.0, < 0.2.1",
        "status": "affected"
      },
      {
        "version": ">= 0.3.0, < 0.3.1",
        "status": "affected"
      },
      {
        "version": ">= 0.4.1, < 0.4.2",
        "status": "affected"
      },
      {
        "version": ">= 0.5.2, < 0.5.3",
        "status": "affected"
      },
      {
        "version": ">= 0.6.0, < 0.6.1",
        "status": "affected"
      },
      {
        "version": ">= 0.7.0, < 0.7.1",
        "status": "affected"
      },
      {
        "version": ">= 0.8.0, < 0.8.1",
        "status": "affected"
      },
      {
        "version": ">= 0.9.0, < 0.9.1",
        "status": "affected"
      },
      {
        "version": ">= 0.10.1, < 0.10.2",
        "status": "affected"
      },
      {
        "version": ">= 0.11.0, < 0.11.1",
        "status": "affected"
      },
      {
        "version": ">= 0.12.0, < 0.12.1",
        "status": "affected"
      },
      {
        "version": ">= 0.13.0, < 0.13.1",
        "status": "affected"
      },
      {
        "version": ">= 0.14.0, < 0.14.1",
        "status": "affected"
      },
      {
        "version": ">= 0.15.0, < 0.15.1",
        "status": "affected"
      },
      {
        "version": ">= 0.46.0, < 0.46.1",
        "status": "affected"
      },
      {
        "version": ">= 0.47.0, < 0.47.1",
        "status": "affected"
      },
      {
        "version": ">= 0.48.0, < 0.48.1",
        "status": "affected"
      },
      {
        "version": ">= 0.49.0, < 0.49.1",
        "status": "affected"
      },
      {
        "version": ">= 0.50.0, < 0.51.1",
        "status": "affected"
      },
      {
        "version": ">= 0.52.0, < 0.52.1, ",
        "status": "affected"
      },
      {
        "version": ">= 0.53.1, < 0.53.2",
        "status": "affected"
      },
      {
        "version": ">= 0.54.1, < 0.54.2",
        "status": "affected"
      },
      {
        "version": ">= 0.55.0, < 0.55.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-mjv9-vp6w-3rc9

19 Apr 2023 17:18Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.15.5

EPSS0.00064

CWE-532