12 matches found
EUVD-2025-0193
Malicious code in bioql PyPI...
CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
Sensitive Information Exposure
github.com/updatecli/updatecli is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper log sanitization due to private Maven repository credentials being exposed in logs when a retrieval operation fails...
GO-2025-3419 Updatecli exposes Maven credentials in console output in github.com/updatecli/updatecli
Updatecli exposes Maven credentials in console output in github.com/updatecli/updatecli...
SUSE CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355
Updatecli (tool) is affected by CVE-2025-24355: when a pipeline uses a maven source with basic auth credentials and the retrieval operation fails, private credentials may be leaked in logs. The issue is resolved in version 0.93.0. Related advisories (GHSA-GHSA: v34R-vJ4R-38J6) describe the same l...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
CVE-2025-24355 Updatecli may expose Maven credentials in console output
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private maven repository credentials may be leaked in application logs in case of unsuccessful retrieval operation. During the execution of an updatecli pipeline which contains a maven source configured with basic...
Updatecli 安全漏洞
Updatecli is a declarative dependency management tool from the Updatecli open source. A security vulnerability exists in Updatecli versions prior to 0.93.0, which stems from the fact that private Maven repository credentials may be leaked to application logs if a retrieval operation fails...
PT-2025-5338 · Updatecli +2 · Updatecli +2
Name of the Vulnerable Software and Affected Versions: Updatecli versions prior to 0.93.0 Description: The issue concerns the leakage of private Maven repository credentials in application logs when an updatecli pipeline execution fails. This occurs when the pipeline contains a maven source...