Lucene search
Veracode Vulnerability DatabaseVERACODE:38978HistoryJan 24, 2023 - 5:37 a.m.
Information Disclosure
2023-01-2405:37:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
information disclosure
user credentials
http redirect
unauthorized actions
vulnerability
0.001 Low
EPSS
Percentile
41.3%
github.com/sylabs/scs-library-client is vulnerable to information disclosure. The vulnerability exists in pull.go because the user credentials are leaked to third-party services via HTTP redirect which allows an attacker to gain access to the credential information and perform unauthorized actions.
References
github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2
github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c
github.com/sylabs/scs-library-client/issues/153
github.com/sylabs/scs-library-client/pull/154
github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7
Related
alpinelinux
alpinelinux
CVE-2022-23538
2023-01-17 21:15:11
nessus
nessus
Fedora 36 : apptainer (2023-677d58bb20)
2023-02-22 00:00:00
Fedora 37 : apptainer (2023-01ff262091)
2023-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: apptainer-1.1.6-1.fc36
2023-02-22 11:10:37
[SECURITY] Fedora 37 Update: apptainer-1.1.6-1.fc37
2023-02-22 10:16:22
openvas
openvas
Fedora: Security Advisory for apptainer (FEDORA-2023-01ff262091)
2023-02-23 00:00:00
Fedora: Security Advisory for apptainer (FEDORA-2023-677d58bb20)
2023-02-23 00:00:00
prion
prion
Authorization
2023-01-17 21:15:00
osv
osv
scs-library-client may leak user credentials to third-party service via HTTP redirect
2023-01-20 22:38:04
Leaked user credentials in github.com/sylabs/scs-library-client
2023-02-01 23:23:36
CVE-2022-23538
2023-01-17 21:15:11
ubuntucve
ubuntucve
CVE-2022-23538
2023-01-17 00:00:00
debiancve
debiancve
CVE-2022-23538
2023-01-17 21:15:11
cvelist
cvelist
nvd
nvd
CVE-2022-23538
2023-01-17 21:15:11
cve
cve
CVE-2022-23538
2023-01-17 21:15:11
github
github