Vulnerability Report: GO-2022-0438
- CVE-2022-29810, GHSA-27rq-4943-qcwp
- Affects: github.com/hashicorp/go-getter
- Published: Jul 01, 2022
- Modified: Jun 12, 2023
The getter package can write SSH credentials to its logfile, exposing credentials to local users able to read the logfile.
Affected Packages
-
PathVersionsSymbols
-
before v1.5.11
Aliases
References
- https://github.com/hashicorp/go-getter/pull/348
- https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
- https://github.com/hashicorp/go-getter/releases/tag/v1.5.11
- https://vuln.go.dev/ID/GO-2022-0438.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.