Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

Impact

What kind of vulnerability is it? Who is impacted?

Storage credentials are written to the console.

Patches

Has the problem been patched? Yes, see #3589
What versions should users upgrade to?

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Permalink: https://github.com/advisories/GHSA-j5vm-7qcc-2wwg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


CVSS Score: 2.0
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Identifiers: GHSA-j5vm-7qcc-2wwg
References: Repository: https://github.com/kopia/kopia
Blast Radius: 3.2

Affected Packages

go:github.com/kopia/kopia
Dependent packages: 33
Dependent repositories: 39
Downloads:
Affected Version Ranges: < 0.16.0
Fixed in: 0.16.0
All affected versions: 0.3.0, 0.4.0, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.13.0, 0.14.0, 0.14.1, 0.15.0
All unaffected versions: 0.16.0, 0.16.1, 0.17.0