6 matches found
CVE-2022-3474
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...
CBL Mariner 2.0 Security Update: bazel (CVE-2022-3474)
The version of bazel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3474 advisory. - A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all...
Photon OS 4.0: Bazel PHSA-2023-4.0-0396
An update of the bazel package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0396. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2022-3474 affecting package bazel for versions less than 5.3.2-1
CVE-2022-3474 affecting package bazel for versions less than 5.3.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-3474
CVE-2022-3474 concerns a flaw in Bazel's remote assets API where bad credential handling causes all user-provided credentials to be sent instead of only the required ones. Affected are Bazel versions prior to 5.3.2 and 4.2.3. The consequence is credential exposure for requests using this API. The...
CVE-2022-3474 Bazel leaks user credentials through the remote assets API
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3...