mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
118 lines
4.4 KiB
JSON
118 lines
4.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-advisories@github.com",
|
|
"ID": "CVE-2020-15095",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Sensitive information exposure through logs in npm cli"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "cli",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "< 6.14.6"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "npm"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like \"<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>\". The password value is not redacted and is printed to stdout and also to any generated log files."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "LOCAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.4,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-532: Insertion of Sensitive Information into Log File"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp"
|
|
},
|
|
{
|
|
"name": "https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc"
|
|
},
|
|
{
|
|
"name": "https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07",
|
|
"refsource": "MISC",
|
|
"url": "https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2020:1616",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2020:1644",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2020:1660",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2020-43d5a372fc",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"
|
|
},
|
|
{
|
|
"refsource": "GENTOO",
|
|
"name": "GLSA-202101-07",
|
|
"url": "https://security.gentoo.org/glsa/202101-07"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "GHSA-93f3-23rq-pjfp",
|
|
"discovery": "UNKNOWN"
|
|
}
|
|
} |