CVE-2020-15095

MEDIUM Year: 2020
CVSS v3 Score
4.4
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Related Vulnerabilities

CVE-2017-1795

MEDIUM
CVSS:4.4(Medium)

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

CWE-5322017

CVE-2018-16859

MEDIUM
CVSS:4.4(Medium)

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user wi...

CWE-5322018

CVE-2018-1788

MEDIUM
CVSS:4.4(Medium)

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

CWE-5322018

CVE-2018-2440

MEDIUM
CVSS:4.4(Medium)

Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.

CWE-5322018

CVE-2019-4225

MEDIUM
CVSS:4.4(Medium)

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

CWE-5322019

CVE-2019-4284

MEDIUM
CVSS:4.4(Medium)

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as anothe...

CWE-5322019