PT-2022-16947 · Unknown · Cveproject/Cve-Services

Jdaigneau5 · Published 2022-04-21 · Updated 2022-05-03 · CVE-2022-24875

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CVEProject/cve-services versions up to and including 1.1.1

Description

The org.controller.js code erroneously logs user secrets. This problem has been resolved in commit 46d98f2b, and the fix will be available in subsequent versions of the software. Users are advised to inspect their logs and remove any logged secrets as necessary.

Recommendations

For versions up to and including 1.1.1, manually apply commit 46d98f2b to resolve the issue. As a temporary workaround, inspect logs and remove logged secrets as appropriate. Update to a subsequent version of the software when it becomes available.

Exploit

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2022-24875
GHSA-RHJ9-QX37-7M2M

Affected Products

Cveproject/Cve-Services