CVE-2024-52582
CVSS V2 None
CVSS V3 None
Description
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.
Overview
- CVE ID
- CVE-2024-52582
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-19T15:32:26.579Z
- Last Modified Date
- 2024-11-19T16:24:58.503Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh | x_refsource_CONFIRM |
| https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9 | x_refsource_MISC |
| https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-52582 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52582 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-20 14:02:53 | Added to TrackCVE |