Lucene search

GitHub Advisory DatabaseGHSA-69MV-3642-WJ3W

HistoryJul 23, 2018 - 7:50 p.m.

Low severity vulnerability that affects sensu

2018-07-2319:50:22

GitHub Advisory Database

github.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

77.8%

JSON

The sensu rubygem prior to version 1.2.0 contains a CWE-522 (Insufficiently Protected Credentials) flaw that can result in sensitive configuration data (e.g. passwords) being logged in clear-text.

Users are advised to upgrade to rubygem version 1.2.1 or later.

Affected configurations

Vulners

Node

sensusensu_coreRange<1.2.1

References

access.redhat.com/errata/RHSA-2018:0616

access.redhat.com/errata/RHSA-2018:1112

access.redhat.com/errata/RHSA-2018:1606

github.com/advisories/GHSA-69mv-3642-wj3w

github.com/sensu/sensu/issues/1804

github.com/sensu/sensu/pull/1810

nvd.nist.gov/vuln/detail/CVE-2018-1000060

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

77.8%

JSON

Related for GHSA-69MV-3642-WJ3W