CVE-2023-30618

LOW Year: 2023
CVSS v3 Score
3.3
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2016-0296

LOW
CVSS:3.3(Low)

IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

CWE-5322016

CVE-2016-5432

LOW
CVSS:3.3(Low)

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.

CWE-5322016

CVE-2017-1733

LOW
CVSS:3.3(Low)

IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

CWE-5322017

CVE-2017-18423

LOW
CVSS:3.3(Low)

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

CWE-5322017

CVE-2018-5693

LOW
CVSS:3.3(Low)

The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

CWE-5322018

CVE-2019-10343

LOW
CVSS:3.3(Low)

Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied.

CWE-5322019