Sensitive Information Exposure

2024-06-0507:13:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sensitive information exposure

error log

http basic auth

repository

keyring urls

attack

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

chainguard.dev/apko is vulnerable to Sensitive Information Exposure. The vulnerability is due to improper redaction of sensitive information within error log output, where HTTP basic auth credentials from repository and keyring URLs are exposed, which allows an attacker with access to logs to misuse the sensitive credentials.

CPENameOperatorVersion
chainguard.dev/apkolev0.14.4
github.com/chainguard-dev/apkolev0.14.4
chainguard.dev/apkolev0.14.4
github.com/chainguard-dev/apkolev0.14.4