5 matches found
CVE-2023-30610
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
CVE-2023-30610
The CVE affects aws-sigv4 in the AWS SDK for Rust: the SigningParams Debug output can expose a user’s AWS access key, secret key, and session token when TRACE-level logging is enabled, allowing credentials to appear in logs. Affected users should upgrade to fixed releases; patches are listed acro...
CVE-2023-30610 AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The awssigv4::SigningParams struct had a derived Debug implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is...
aware (>=0.0.1 <=0.0.25), aws-config (>=0.0.22-alpha <=0.15.0) +343 more potentially affected by CVE-2023-30610 via aws-sigv4 (>=0.0.22-alpha <=0.15.1)
aws-sigv4 CARGO version =0.0.22-alpha, =0.0.1, =0.0.22-alpha, =0.0.22-alpha, =0.0.1, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.0.22-alpha, =0.10.1, =0.0.22-alpha, =0.15.0 and more Source cves: CVE-2023-30610 Source advisory:...
acmer (>=0.0.1 <=0.0.16), avalanche-config-installer (>=0.2.36 <=0.2.43) +411 more potentially affected by CVE-2023-30610 via aws-sigv4 (>=0.4.2 <=0.56.1)
aws-sigv4 CARGO version =0.4.2, =0.0.1, =0.2.36, =0.0.18, =0.0.42, =0.0.9, =0.4.0, =0.0.24, =0.21.0, =0.4.0, =0.55.2, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.34.0 and more Source cves: CVE-2023-30610 Source advisory: OSV:RUSTSEC-2023-0125...