CVE-2022-39292: Exposure of sensitive Slack webhook URLs in debug logs and traces
Debug logs expose sensitive URLs for Slack webhooks that contain private information.
References
- github.com/abdolence/slack-morphism-rust
- github.com/abdolence/slack-morphism-rust/commit/48a1da2dc2ad3a5ccc60036d43f6f8fbb2c15f1d
- github.com/abdolence/slack-morphism-rust/commit/65ef9fac4f39c4e171e2952a6cf029bb0d059a89
- github.com/abdolence/slack-morphism-rust/releases/tag/v1.3.2
- github.com/abdolence/slack-morphism-rust/security/advisories/GHSA-4mjx-2gh5-ph8h
- github.com/advisories/GHSA-4mjx-2gh5-ph8h
- nvd.nist.gov/vuln/detail/CVE-2022-39292
- rustsec.org/advisories/RUSTSEC-2022-0087.html
Detect and mitigate CVE-2022-39292 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →