CVE-2022-29810

Insertion of Sensitive Information into Log File in Hashicorp go-getter in go/github.com/hashicorp/go-getter

Identifiers

GHSA-27rq-4943-qcwp, CVE-2022-29810

Package Slug

go/github.com/hashicorp/go-getter

Vulnerability

Insertion of Sensitive Information into Log File in Hashicorp go-getter

Description

The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

Affected Versions

All versions before 1.5.11

Solution

Upgrade to version 1.5.11 or above.

Last Modified

2022-05-04

source