Lucene search

Veracode Vulnerability DatabaseVERACODE:45851

HistoryMar 13, 2024 - 7:06 a.m.

Exposure Of Sensitive Information

2024-03-1307:06:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sensitive information exposure

variable substitution

unintended exposure

execution

security document

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

go-vela/worker is vulnerable to Sensitive Information Exposure. The vulnerability is due to insecure handling of variable substitution, particularly in fields like parameters, image, and entrypoint, which can lead to unintended exposure of secrets during execution.

CPENameOperatorVersion
github.com/go-vela/workerlev0.23.1
github.com/go-vela/workerlev0.23.1

CPE	Name	Operator	Version
	github.com/go-vela/worker	le	v0.23.1
	github.com/go-vela/worker	le	v0.23.1

References

github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297

github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:45851