Home > Vulnerability Database > CVE-2024-52582

Mend.io Vulnerability Database

CVE-2024-52582

Date: November 19, 2024

Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.

Language: Python

Severity Score

4.7

Related Resources (5)

Url: https://github.com/containerbuildsystem/cachi2/commit/d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52582

Url: https://github.com/containerbuildsystem/cachi2/security/advisories/GHSA-w9qc-9m5h-qqmh

Url: https://typer.tiangolo.com/tutorial/exceptions/?h=#disable-local-variables-for-security

Url: https://www.mend.io/vulnerability-database/CVE-2024-52582

Severity Score

4.7

Weakness Type (CWE)

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

CVSS v3.1

Base Score:	4.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52582

Date: November 19, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?