What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Has the problem been patched? Yes, see #3589
What versions should users upgrade to?
Is there a way for users to fix or remediate the vulnerability without upgrading?
kopia repo status --json
will write the credentials to the output without scrubbing them.kopia repo status
with the --json
flag in an insecure environment where.kopia repo status --json
command.CPE | Name | Operator | Version |
---|---|---|---|
github.com/kopia/kopia | lt | 0.16.0 |