You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
See doc/triage.md for instructions on how to triage this report.
module: github.com/hashicorp/go-getter
package: n/a
description: |
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
cves:
- CVE-2022-29810
links:
pr: https://github.com/hashicorp/go-getter/pull/348
commit: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
context:
- https://github.com/hashicorp/go-getter/releases/tag/v1.5.11
The text was updated successfully, but these errors were encountered:
CVE-2022-29810 references github.com/hashicorp/go-getter, which may be a Go module.
Description:
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
Links:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: