CVE-2023-30618.yml
---
gem: kitchen-terraform
cve: 2023-30618
ghsa: 65g2-x53q-cmf6
url: https://github.com/newcontext-oss/kitchen-terraform/security/advisories/GHSA-65g2-x53q-cmf6
title: Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
date: 2023-04-24
description: |
  Summary
  Kitchen-Terraform v7.0.0 introduced a regression which caused all
  Terraform output values, including sensitive values, to be printed
  at the `info` logging level during the `kitchen converge` action.
  Prior to v7.0.0, the output values were printed at the `debug` level
  to avoid writing sensitive values to the terminal by default.

  ### Original Report

  @brettcurtis:

  Hopefully, I'm not doing something stupid here, but I'm seeing
  sensitive outputs printed in the kitchen output. You can check
  this action for an example: https://github.com/osinfra-io/terraform-google-project/actions/runs/4700065515/jobs/8334277309#step:5:215
  It's not really a sensitive value, just used it as an example.
cvss_v3: 3.2
unaffected_versions:
- "< 7.0.0"
patched_versions:
- ">= 7.0.1"
related:
  url:
    - https://github.com/newcontext-oss/kitchen-terraform/security/advisories/GHSA-65g2-x53q-cmf6
    - https://nvd.nist.gov/vuln/detail/CVE-2023-30618
    - https://github.com/newcontext-oss/kitchen-terraform/commit/3d20d60e7a891e2dd747df995a31226fa0b4ac48
    - https://github.com/advisories/GHSA-65g2-x53q-cmf6