Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-15095
HistoryJul 07, 2020 - 12:00 a.m.

CVE-2020-15095

2020-07-0700:00:00
ubuntu.com
ubuntu.com
15
npm
cli
vulnerability
information exposure
log files
urls
password
log files
unix

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.2%

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information
exposure vulnerability through log files. The CLI supports URLs like
“<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>”. The
password value is not redacted and is printed to stdout and also to any
generated log files.

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

17.2%