Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1naGdxLXg2d2MtNmpyNc4AA9-w
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.
Permalink: https://github.com/advisories/GHSA-ghgq-x6wc-6jr5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1naGdxLXg2d2MtNmpyNc4AA9-w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 months ago
Updated: 4 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Identifiers: GHSA-ghgq-x6wc-6jr5, CVE-2024-6833
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6833
- https://github.com/zowe/zowe-cli
- https://github.com/zowe/zowe-cli/commit/6778da5e03c65dfcd3e6e4b4097b94d9fbd5d01b
- https://github.com/advisories/GHSA-ghgq-x6wc-6jr5
Blast Radius: 9.3
Affected Packages
npm:@zowe/cli
Dependent packages: 39Dependent repositories: 38
Downloads: 5,381 last month
Affected Version Ranges: >= 7.18.0, < 7.23.5
Fixed in: 7.23.5
All affected versions: 7.18.0, 7.18.1, 7.18.2, 7.18.3, 7.18.4, 7.18.5, 7.18.6, 7.18.7, 7.18.8, 7.18.9, 7.18.10, 7.18.11, 7.19.0, 7.20.0, 7.20.1, 7.21.0, 7.21.1, 7.21.2, 7.21.3, 7.21.4, 7.22.0, 7.23.0, 7.23.1, 7.23.2, 7.23.3, 7.23.4
All unaffected versions: 5.2.1, 5.3.0, 5.4.1, 5.5.0, 5.5.2, 5.6.0, 5.7.3, 5.9.1, 5.11.0, 5.14.0, 5.14.1, 5.14.2, 5.15.0, 6.0.0, 6.0.1, 6.1.0, 6.3.0, 6.4.0, 6.4.1, 6.5.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.7.0, 6.7.2, 6.8.0, 6.8.1, 6.8.2, 6.8.3, 6.9.2, 6.10.0, 6.10.1, 6.10.2, 6.10.3, 6.11.0, 6.11.1, 6.11.2, 6.12.0, 6.13.0, 6.14.0, 6.15.0, 6.16.0, 6.17.0, 6.17.1, 6.17.2, 6.17.3, 6.18.0, 6.19.0, 6.19.1, 6.20.0, 6.21.0, 6.21.1, 6.22.0, 6.23.0, 6.24.1, 6.24.2, 6.24.3, 6.24.4, 6.24.5, 6.24.6, 6.25.0, 6.25.1, 6.25.2, 6.26.0, 6.27.0, 6.27.1, 6.28.0, 6.29.0, 6.30.0, 6.31.0, 6.31.1, 6.31.2, 6.32.0, 6.32.1, 6.32.2, 6.33.0, 6.33.1, 6.33.2, 6.33.3, 6.33.4, 6.34.0, 6.34.1, 6.35.0, 6.36.0, 6.36.1, 6.37.0, 6.37.1, 6.37.2, 6.37.3, 6.37.5, 6.37.6, 6.37.7, 6.37.8, 6.38.0, 6.39.0, 6.39.1, 6.40.0, 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.40.10, 6.40.11, 6.40.13, 6.40.14, 6.40.15, 6.40.16, 6.40.17, 6.40.18, 6.40.19, 6.40.20, 6.40.21, 6.40.22, 6.40.23, 6.40.24, 6.40.25, 6.40.26, 6.40.27, 6.40.28, 6.40.29, 6.40.30, 6.40.31, 6.40.32, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.4.2, 7.5.0, 7.5.1, 7.6.0, 7.6.1, 7.6.2, 7.7.0, 7.8.0, 7.9.0, 7.9.1, 7.9.2, 7.9.3, 7.9.4, 7.9.5, 7.9.6, 7.9.7, 7.9.8, 7.10.0, 7.10.1, 7.10.2, 7.10.3, 7.10.4, 7.11.0, 7.11.1, 7.11.2, 7.11.3, 7.12.0, 7.13.0, 7.14.0, 7.14.1, 7.15.0, 7.16.0, 7.16.1, 7.16.2, 7.16.3, 7.16.4, 7.16.6, 7.17.0, 7.23.5, 7.23.6, 7.23.7, 7.23.8, 7.23.9, 7.24.0, 7.24.1, 7.24.2, 7.24.3, 7.25.0, 7.25.1, 7.25.2, 7.26.0, 7.26.1, 7.27.0, 7.28.0, 7.28.1, 7.28.2, 7.28.3, 7.28.4, 7.29.0, 7.29.1, 7.29.2, 7.29.3, 7.29.4, 7.29.5, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.2.0, 8.3.0, 8.5.0, 8.6.0, 8.6.1, 8.6.2, 8.7.0, 8.7.1, 8.8.0, 8.8.1, 8.8.2