Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by containerbuildsystem

    CVE-2024-52582 (GCVE-0-2024-52582)

    Vulnerability from nvd – Published: 2024-11-19 15:32 – Updated: 2024-11-19 16:24
    VLAI
    Title
    cachi2 allows traceback prints locals
    Summary
    Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    containerbuildsystem cachi2 Affected: < 0.14.0
    Create a notification for this product.
    containerbuildsystem cachi2 Affected: 0 , < 0.14.0 (custom)
        cpe:2.3:a:containerbuildsystem:cachi2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:containerbuildsystem:cachi2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cachi2",
                "vendor": "containerbuildsystem",
                "versions": [
                  {
                    "lessThan": "0.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52582",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T16:22:01.293055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T16:24:58.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cachi2",
              "vendor": "containerbuildsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.14.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cachi2 is a command-line interface tool that pre-fetches a project\u0027s dependencies to aid in making the project\u0027s build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it\u0027s the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T15:32:26.579Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh"
            },
            {
              "name": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9"
            },
            {
              "name": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security"
            }
          ],
          "source": {
            "advisory": "GHSA-w9qc-9m5h-qqmh",
            "discovery": "UNKNOWN"
          },
          "title": "cachi2 allows traceback prints locals"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52582",
        "datePublished": "2024-11-19T15:32:26.579Z",
        "dateReserved": "2024-11-14T15:05:46.766Z",
        "dateUpdated": "2024-11-19T16:24:58.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-52582 (GCVE-0-2024-52582)

    Vulnerability from cvelistv5 – Published: 2024-11-19 15:32 – Updated: 2024-11-19 16:24
    VLAI
    Title
    cachi2 allows traceback prints locals
    Summary
    Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    containerbuildsystem cachi2 Affected: < 0.14.0
    Create a notification for this product.
    containerbuildsystem cachi2 Affected: 0 , < 0.14.0 (custom)
        cpe:2.3:a:containerbuildsystem:cachi2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:containerbuildsystem:cachi2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "cachi2",
                "vendor": "containerbuildsystem",
                "versions": [
                  {
                    "lessThan": "0.14.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-52582",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T16:22:01.293055Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T16:24:58.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cachi2",
              "vendor": "containerbuildsystem",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.14.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cachi2 is a command-line interface tool that pre-fetches a project\u0027s dependencies to aid in making the project\u0027s build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it\u0027s the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T15:32:26.579Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh"
            },
            {
              "name": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9"
            },
            {
              "name": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security"
            }
          ],
          "source": {
            "advisory": "GHSA-w9qc-9m5h-qqmh",
            "discovery": "UNKNOWN"
          },
          "title": "cachi2 allows traceback prints locals"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-52582",
        "datePublished": "2024-11-19T15:32:26.579Z",
        "dateReserved": "2024-11-14T15:05:46.766Z",
        "dateUpdated": "2024-11-19T16:24:58.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }