CVE-2024-36127

apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5.
Configurations

No configuration.

History

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01 - () https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01 -
References () https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp - () https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp -
Summary
  • (es) apko es un creador de imágenes OCI basado en apk. apko expone las credenciales de autenticación básica HTTP del repositorio y las URL del conjunto de claves en la salida del registro. Esta vulnerabilidad se solucionó en v0.14.5.

03 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-03 15:15

Updated : 2024-11-21 09:21


NVD link : CVE-2024-36127

Mitre link : CVE-2024-36127

CVE.ORG link : CVE-2024-36127


JSON object : View

Products Affected

No product.

CWE
CWE-522

Insufficiently Protected Credentials

CWE-532

Insertion of Sensitive Information into Log File