Lucene search
GoogleOSV:GO-2023-2137HistoryOct 24, 2023 - 8:27 p.m.
Credentials leak in github.com/ydb-platform/ydb-go-sdk/v3
2023-10-2420:27:41
Google
osv.dev
21
credentials
github
ydb go sdk
sensitive information
logs
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
A custom credentials object that does not implement the fmt.Stringer interface may leak sensitive information (e.g., credentials) via logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/ydb-platform/ydb-go-sdk/v3 | ge | 3.48.6 | |
| github.com/ydb-platform/ydb-go-sdk/v3 | lt | 3.53.3 |
Related
osv
osv
ydb-go-sdk token in custom credentials object can leak through logs
2023-10-19 17:10:00
CVE-2023-45825
2023-10-19 19:15:16
prion
prion
Design/Logic Flaw
2023-10-19 19:15:00
github
github
ydb-go-sdk token in custom credentials object can leak through logs
2023-10-19 17:10:00
cve
cve
CVE-2023-45825
2023-10-19 19:15:16
cvelist
cvelist
nvd
nvd
CVE-2023-45825
2023-10-19 19:15:16
veracode
veracode
Credential Disclosure Through Logs
2023-10-23 04:10:17
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
15.7%
Related for OSV:GO-2023-2137