Lucene search

GoogleOSV:GHSA-3W3H-7XGX-GRWC

HistoryNov 21, 2022 - 8:39 p.m.

Leak in Aliyun KeySecret

2022-11-2120:39:05

Google

osv.dev

aliyun

keysecret

users affected

secret disclosure

patches

workarounds

upgrade in software.

5.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

19.5%

JSON

Impact

Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally.

Patches

This have already been solved.

Workarounds

No, It cannot be patched without upgrading

References

For more information

If you have any questions or comments about this advisory:

Email us at email address

CPENameOperatorVersion
aliyun-oss-clientlt0.8.1

CPE	Name	Operator	Version
	aliyun-oss-client	lt	0.8.1

References

github.com/tu6ge/oss-rs

github.com/tu6ge/oss-rs/commit/e4553f7d74fce682d802f8fb073943387796df29

github.com/tu6ge/oss-rs/security/advisories/GHSA-3w3h-7xgx-grwc

nvd.nist.gov/vuln/detail/CVE-2022-39397

rustsec.org/advisories/RUSTSEC-2022-0089.html

5.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for OSV:GHSA-3W3H-7XGX-GRWC