PT-2022-22308 · Google · Bazel
Meteorcloudy +1 · Published 2022-10-26 · Updated 2024-05-21 · CVE-2022-3474
CVSS v4.0: 5.1 (Medium)
Vector: AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Bazel versions prior to 5.3.2
Bazel versions prior to 4.2.3
Description
Improper credential handling in the remote assets API causes Bazel to send all user-provided credentials with its requests instead of only the ones each request requires.
Recommendations
For Bazel versions prior to 5.3.2, upgrade to version 5.3.2 or later.
For Bazel versions prior to 4.2.3, upgrade to version 4.2.3 or later.
Fix
Weakness Enumeration
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Bazel