Lucene search

ZoweCVELIST:CVE-2024-6916

HistoryJul 19, 2024 - 10:47 a.m.

CVE-2024-6916 Zowe CLI --show-inputs-only displays securely stored properties

2024-07-1910:47:07

Zowe

www.cve.org

zowe

cli

vulnerability

displays

securely stored

properties

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N

EPSS

Percentile

9.3%

JSON

A vulnerability in Zowe CLI allows local, privileged actors to display securely stored properties in cleartext within a terminal using the ‘–show-inputs-only’ flag.

CNA Affected

[
  {
    "vendor": "Open Mainframe Project",
    "product": "Zowe CLI - Imperative",
    "versions": [
      {
        "version": "5.1.0",
        "status": "affected",
        "lessThan": "5.22.6",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/zowe/zowe-cli/packages/imperative

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N

EPSS

Percentile

9.3%

JSON

Related for CVELIST:CVE-2024-6916