CVE-2024-36127

CVSS V2 None CVSS V3 None
Description
apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.
Overview
  • CVE ID
  • CVE-2024-36127
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-06-03T14:49:39.055Z
  • Last Modified Date
  • 2024-06-03T14:49:39.055Z
Weakness Enumerations
CWE URL
CWE-522 http://cwe.mitre.org/data/definitions/522.html
CWE-532 http://cwe.mitre.org/data/definitions/532.html
References
Reference URL Reference Tags
https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp x_refsource_CONFIRM
https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01 x_refsource_MISC
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-36127
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36127
History
Created Old Value New Value Data Type Notes
2024-06-26 11:04:29 Added to TrackCVE