Lucene search
GitHub Advisory DatabaseGHSA-3W3H-7XGX-GRWCHistoryNov 21, 2022 - 8:39 p.m.
Leak in Aliyun KeySecret
2022-11-2120:39:05
CWE-200
GitHub Advisory Database
github.com
12
aliyun
keysecret
users
secret disclosure.
CVSS3
5.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
19.4%
Impact
Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally.
Patches
This have already been solved.
Workarounds
No, It cannot be patched without upgrading
References
No
For more information
If you have any questions or comments about this advisory:
- Email us at email address
Affected configurations
Node
aliyun-oss-client_projectaliyun-oss-clientRange<0.8.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| aliyun-oss-client_project | aliyun-oss-client | * | cpe:2.3:a:aliyun-oss-client_project:aliyun-oss-client:*:*:*:*:*:*:*:* |
Related
osv
osv
CVE-2022-39397
2022-11-22 21:15:10
Leak in Aliyun KeySecret
2022-11-21 20:39:05
`aliyun-oss-client` secret exposure
2022-11-19 12:00:00
rustsec
rustsec
`aliyun-oss-client` secret exposure
2022-11-19 12:00:00
nvd
nvd
CVE-2022-39397
2022-11-22 21:15:10
prion
prion
Code injection
2022-11-22 21:15:00
cvelist
cvelist
CVE-2022-39397 Exposure of sensitive information in aliyun-oss-client
2022-11-22 00:00:00
cve
cve
CVE-2022-39397
2022-11-22 21:15:10
CVSS3
5.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
EPSS
0.001
Percentile
19.4%
Related for GHSA-3W3H-7XGX-GRWC