2.0
CVSS V3
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output. ### Impact
What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Has the problem been patched? Yes, see #3589 What versions should users upgrade to?
Is there a way for users to fix or remediate the vulnerability without upgrading?
kopia repo status --json
will write the credentials to the output without scrubbing them.kopia repo status
with the --json
flag in an insecure environment where.kopia repo status --json
command.Advisories are based on vulnerability information provided by Grype from Anchore.
Products
Chainguard Images© 2024 Chainguard, Inc.