OSV:RUSTSEC-2022-0089
Nov 19, 2022 - 12:00 p.m.

`aliyun-oss-client` secret exposure

Source: Google (osv.dev)
Tags: bug fixed, authentication secret, software, trait limitation

CVSS3: 5.6

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

EPSS: 0.001
Percentile: 19.4%

The aliyun-oss-client unintentionally divulges the authentication secret.

This bug was fixed in this commit by restricting the visibility of the traits concerned so that they are pub only within the crate.
