GHSA-27rq-4943-qcwp, CVE-2022-29810
go/github.com/hashicorp/go-getter
Insertion of Sensitive Information into Log File in Hashicorp go-getter
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
All versions before 1.5.11
Upgrade to version 1.5.11 or above.
2022-05-04
source |