Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-30618

Good to know:

icon

Date: April 21, 2023

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the "info" logging level during the "kitchen converge" action. Prior to v7.0.0, the output values were printed at the "debug" level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Ruby

Severity Score

Related Resources (6)

https://github.com/newcontext-oss/kitchen-terraform/security/advisories/GHSA-65g2-x53q-cmf6
https://github.com/newcontext-oss/kitchen-terraform/commit/3d20d60e7a891e2dd747df995a31226fa0b4ac48
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/kitchen-terraform/CVE-2023-30618.yml
https://github.com/newcontext-oss/kitchen-terraform
https://nvd.nist.gov/vuln/detail/CVE-2023-30618
https://www.mend.io/vulnerability-database/CVE-2023-30618

Severity Score

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

icon

Upgrade Version

Upgrade to version kitchen-terraform - 7.0.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us