11 matches found
CVE-2024-53865
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
Sensitive Information Exposure
zhmcclient is vulnerable to Sensitive Information Exposure. The vulnerability is due to the logging of password-like properties in clear text in both the zhmcclient API and HMC logs when specific functions for creating or updating configurations e.g., partitions, LPARs, image activation profiles,...
zhmc-prometheus-exporter (=0.6.1), zhmccli (=0.21.2) potentially affected by CVE-2024-53865 via zhmcclient (=0.30.2)
zhmcclient PYPI version =0.30.2 is affected by a known vulnerability. The following packages have a transitive dependency on zhmcclient and may be impacted: - zhmc-prometheus-exporter =0.6.1 - zhmccli =0.21.2 Source cves: CVE-2024-53865 Source advisory: OSV:GHSA-P57H-3CMC-XPJQ...
GHSA-P57H-3CMC-XPJQ Python package "zhmcclient" stores passwords in clear text in its HMC and API logs
Impact The Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs The 'ssc-master-pw' a...
Cleartext Storage of Sensitive Information
Overview zhmcclient is an A pure Python client library for the IBM Z HMC Web Services API Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the logging of sensitive information in clear text. An attacker with access to the logs can obtain...
CVE-2024-53865
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865
CVE-2024-53865 affects the Python package zhmcclient, a client library for IBM Z HMC Web Services API. The issue is that in affected versions, password-like properties are written in clear text to API and HMC logs in several operations: boot-ftp-password and ssc-master-pw when creating/updating p...
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
CVE-2024-53865 Python package "zhmcclient" has passwords in clear text in its HMC and API logs
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creati...
zhmcclient 安全漏洞
zhmcclient is a server interface to the zhmcclient open source. A security vulnerability exists in zhmcclient that stems from the fact that under certain circumstances, zhmcclient writes password-like attributes in plaintext to its HMC and API logs...