Lucene search
GitHub Advisory DatabaseGHSA-J5VM-7QCC-2WWGHistoryApr 10, 2024 - 5:15 p.m.
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
2024-04-1017:15:26
CWE-200
GitHub Advisory Database
github.com
4
storage credentials
console output
json
vulnerability
patch
upgrade
workaround
kopia
cli
7.1 High
AI Score
Confidence
High
Impact
What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Patches
Has the problem been patched? Yes, see #3589
What versions should users upgrade to?
- Any version after or including commit 1d6f852cd6534f4bea978cbdc85c583803d79f77
- No release has been created yet.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
- Be aware that
kopia repo status --jsonwill write the credentials to the output without scrubbing them. - Avoid executing
kopia repo statuswith the--jsonflag in an insecure environment where. - Avoid logging the output of the
kopia repo status --jsoncommand.
Affected configurations
Node
github.com\/kopia\/kopiaRange<0.16.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/kopia/kopia | lt | 0.16.0 |
7.1 High
AI Score
Confidence
High