CVE-2025-24355
Title (es)
CVE-2025-24355
Fri, 24/01/2025 – 17:15
Type
CWE-359
Severity 2.0 Txt
Pending analysis
Title (en)
CVE-2025-24355
Description (en)
Updatecli is a tool used to apply file update strategies. Prior to version 0.93.0, private Maven repository credentials may be leaked in application logs when a retrieval operation fails. When an updatecli pipeline contains a `maven` source configured with basic auth credentials, those credentials are written to the application execution logs if the operation fails. Credentials are properly sanitized when the operation succeeds, but not when retrieval from the Maven repository fails for any reason, e.g. wrong coordinates, or a nonexistent artifact or version. Version 0.93.0 contains a patch for the issue.
24/01/2025
24/01/2025
CVSS:3.1 Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity 3.1 (CVSS 3.1 Base Score)
7.10
Severity 3.1 Txt
HIGH
