4 matches found
zhmc-prometheus-exporter (=0.6.1), zhmccli (=0.21.2) potentially affected by CVE-2024-53865 via zhmcclient (=0.30.2)
zhmcclient PYPI version =0.30.2 is affected by a known vulnerability. The following packages have a transitive dependency on zhmcclient and may be impacted: - zhmc-prometheus-exporter =0.6.1 - zhmccli =0.21.2 Source cves: CVE-2024-53865 Source advisory: OSV:GHSA-P57H-3CMC-XPJQ...
CVE-2024-53865
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865
CVE-2024-53865 affects the Python package zhmcclient, a client library for IBM Z HMC Web Services API. The issue is that in affected versions, password-like properties are written in clear text to API and HMC logs in several operations: boot-ftp-password and ssc-master-pw when creating/updating p...