Lucene search
K

219 matches found

Positive Technologies
Positive Technologies
added 2022/05/24 12:0 a.m.2 views

PT-2022-3860 · Hashicorp +1 · Go-Getter +1

Name of the Vulnerable Software and Affected Versions: HashiCorp go-getter versions 1.5.11 and earlier HashiCorp go-getter versions 2.0.2 and earlier Description: The issue is related to the lack of input data sanitization in the go-getter library, which can be exploited by a remote attacker to...

10CVSS7.2AI score0.03054EPSS
Exploits0References33
CNNVD
CNNVD
added 2022/05/23 12:0 a.m.4 views

Hashicorp Nomad 权限许可和访问控制问题漏洞

Hashicorp Nomad is a distributed, data center-aware cluster and application scheduler from Hashicorp, USA. The program supports the deployment of microservices, batch, containerized and non-containerized applications. A privilege permission and access control issue vulnerability exists in Hashico...

9.8CVSS8.3AI score0.01325EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/29 12:46 p.m.50 views

CVE-2022-29810

A flaw was found in go-getter, where the go-getter library can write SSH credentials into its log file. This flaw allows a local user with access to read log files to read sensitive credentials, which may lead to privilege escalation or account takeover...

5.5CVSS3.3AI score0.00403EPSS
Exploits0References4
Veracode
Veracode
added 2022/04/28 4:21 a.m.29 views

Information Disclosure

github.com/hashicorp/go-getter is vulnerable to information disclosure. The vulnerability exists in the RedactURL function of url.go, allowing an attacker to read or write SSH credentials through the log file...

5.5CVSS2.6AI score0.00403EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/04/28 12:0 a.m.31 views

Insertion of Sensitive Information into Log File in Hashicorp go-getter

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...

5.5CVSS5.7AI score0.00403EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/04/28 12:0 a.m.42 views

GHSA-27RQ-4943-QCWP Insertion of Sensitive Information into Log File in Hashicorp go-getter

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile...

5.5CVSS5.4AI score0.00403EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/04/27 9:9 p.m.156 views

Exposure of SSH credentials in Rancher/Fleet

Impact This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...

5.5CVSS0.2AI score0.00403EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/04/27 9:9 p.m.21 views

GHSA-WM2R-RP98-8PMH Exposure of SSH credentials in Rancher/Fleet

Impact This vulnerability only affects customers using Fleet for continuous delivery with authenticated Git and/or Helm repositories. A security vulnerability CVE-2022-29810 was discovered in go-getter library in versions prior to v1.5.11 that exposes SSH private keys in base64 format due to a...

5.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/27 6:15 a.m.4 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS6.7AI score0.00403EPSS
Exploits0References4
NVD
NVD
added 2022/04/27 6:15 a.m.50 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS0.00403EPSS
Exploits0References3
Prion
Prion
added 2022/04/27 6:15 a.m.24 views

Design/Logic Flaw

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

2.1CVSS7.2AI score0.00403EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/04/27 5:50 a.m.53 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.6AI score0.00403EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2022/04/27 5:50 a.m.36 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS6.9AI score0.00403EPSS
Exploits0
CVE
CVE
added 2022/04/27 5:50 a.m.273 views

CVE-2022-29810

CVE-2022-29810 affects the HashiCorp go-getter library, where versions before 1.5.11 fail to redact an SSH private key in a URL query parameter. In practice, this can lead to exposure of SSH credentials in logs or error messages, potentially readable by local users with access to the logfile. Con...

5.5CVSS5.2AI score0.00403EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/27 5:50 a.m.19 views

CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter...

5.5CVSS5.4AI score0.00403EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.32 views

Hashicorp go-getter 日志信息泄露漏洞

Hashicorp go-getter is a library for Go golang that is used to download files or directories from various sources using URLs as the primary form of input. A log information disclosure vulnerability exists in Hashicorp go-getter version 1.5.11, which stems from the ability of the go-getter library...

5.5CVSS7AI score0.00403EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/04/27 12:0 a.m.5 views

PT-2022-19843 · Hashicorp · Go-Getter

Name of the Vulnerable Software and Affected Versions: Hashicorp go-getter library versions prior to 1.5.11 Description: The issue concerns the Hashicorp go-getter library, where SSH credentials could be written into its logfile. This exposes sensitive credentials to local users who have the...

5.5CVSS6.5AI score0.00403EPSS
Exploits0References11
Snyk
Snyk
added 2022/03/11 12:18 p.m.0 views

Command Injection

Overview github.com/hashicorp/go-getter is a Package for downloading things from a string URL using a variety of protocols. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the newgogetter.HgGetter.get function, the dst parameter is...

9.8CVSS7.4AI score0.01525EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2022/02/11 1:9 a.m.6 views

Nomad Artifact Download Race Condition

Summary Nomad and Nomad Enterprise “Nomad” artifact download functionality had a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This vulnerability, CVE-2022-24686, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6. Background Nomad uses th...

5.9CVSS6.3AI score0.00863EPSS
Exploits0Affected Software1
Rows per page
Query Builder