GHSA-j5vm-7qcc-2wwg: Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output

April 10, 2024 (updated April 27, 2026)

What kind of vulnerability is it? Who is impacted?

Storage credentials are written to the console.

References

github.com/advisories/GHSA-j5vm-7qcc-2wwg
github.com/kopia/kopia/commit/1d6f852cd6534f4bea978cbdc85c583803d79f77
github.com/kopia/kopia/pull/3589
github.com/kopia/kopia/security/advisories/GHSA-j5vm-7qcc-2wwg

Code Behaviors & Features

Detect and mitigate GHSA-j5vm-7qcc-2wwg with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →