Google · Bazel · CVE-2022-3474
**Name of the Vulnerable Software and Affected Versions**
Bazel versions prior to 5.3.2
Bazel versions prior to 4.2.3
**Description**
A bad credential handling in the remote assets API sends all user-provided credentials instead of only the required ones for the requests.
**Recommendations**
For Bazel versions prior to 5.3.2, upgrade to version 5.3.2 or later.
For Bazel versions prior to 4.2.3, upgrade to version 4.2.3 or later.