GO-2025-3419 Updatecli exposes Maven credentials in console output in github.com/updatecli/updatecli

Updatecli exposes Maven credentials in console output in github.com/updatecli/updatecli...

SUSE CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

Updatecli exposes Maven credentials in console output

Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...

GHSA-V34R-VJ4R-38J6 Updatecli exposes Maven credentials in console output

Summary Private maven repository credentials leaked in application logs in case of unsuccessful retrieval operation. Details During the execution of an updatecli pipeline which contains a maven source configured with basic auth credentials, the credentials are being leaked in the application...

CVE-2025-24355

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

CVE-2025-24355

Updatecli (tool) is affected by CVE-2025-24355: when a pipeline uses a maven source with basic auth credentials and the retrieval operation fails, private credentials may be leaked in logs. The issue is resolved in version 0.93.0. Related advisories (GHSA-GHSA: v34R-vJ4R-38J6) describe the same l...

CVE-2025-24355 Updatecli may expose Maven credentials in console output

Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...

PT-2025-5338 · Updatecli +2 · Updatecli +2

Name of the Vulnerable Software and Affected Versions: Updatecli versions prior to 0.93.0 Description: The issue concerns the leakage of private Maven repository credentials in application logs when an updatecli pipeline execution fails. This occurs when the pipeline contains a maven source...