logo

Database

Sensitive information in source code In github.com/hashicorp/go-getter

Description

Insertion of Sensitive Information into Log File in Hashicorp go-getter The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-298102. NVD-2022-298103. OSV-2022-298104. GCVE-2022-29810

References

1. https://github.com/hashicorp/go-getter/pull/3482. https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc3. https://github.com/hashicorp/go-getter/releases/tag/v1.5.114. https://pkg.go.dev/vuln/GO-2022-0438

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.