CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Kitchen-Terraform v7.0.0 introduced a regression which caused all
Terraform output values, including sensitive values, to be printed
at the info
logging level during the kitchen converge
action.
Prior to v7.0.0, the output values were printed at the debug
level
to avoid writing sensitive values to the terminal by default.
@brettcurtis:
Hopefully, I’m not doing something stupid here, but I’m seeing
sensitive outputs printed in the kitchen output. You can check
this action for an example: https://github.com/osinfra-io/terraform-google-project/actions/runs/4700065515/jobs/8334277309#step:5:215
It's not really a sensitive value just used it as an example.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | kitchen-terraform | * | cpe:2.3:a:ruby:kitchen-terraform:*:*:*:*:*:*:*:* |