CVE-2025-30205

Date: March 24, 2025

kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and OAuth2 systems. Prior to version 1.2.0, faulty function instrumentation in the (optional) kanidm patches provided by kanidm-provision causes the provisioned admin credentials to be leaked to the system log. This only impacts users who both use the provided patches and provision their "admin" or "idm_admin" account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag "v1.2.0" or higher. As a workaround, the user can set the log level "KANIDM_LOG_LEVEL" to any level higher than "info", for example "warn".
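The bug class here (CWE-532) is easy to reproduce in miniature: in Rust projects, the tracing crate's `#[instrument]` attribute records every function argument through its `Debug` representation unless the argument is explicitly skipped, so a password passed as a plain `String` ends up in the log line. The block below is an added, illustrative example and is not kanidm's or kanidm-provision's code; it simulates such instrumentation with a plain function so that it runs with only the standard library. The names `Secret`, `instrument_entry`, `set_password_leaky` and `set_password_fixed`, and the sample credential, are constructed for this example. It shows the leaky shape, the durable fix (a newtype whose `Debug` impl redacts), and why the page's workaround of raising the log level above "info" suppresses the leaking line.

```rust
use std::fmt;

// Log levels in ascending severity, mirroring the usual log/tracing ordering.
#[derive(Clone, Copy, PartialEq, PartialOrd, Debug)]
pub enum Level {
    Trace,
    Debug,
    Info,
    Warn,
    Error,
}

/// Parse a KANIDM_LOG_LEVEL-style string ("info", "warn", ...) into a Level.
pub fn parse_level(s: &str) -> Option<Level> {
    match s.to_ascii_lowercase().as_str() {
        "trace" => Some(Level::Trace),
        "debug" => Some(Level::Debug),
        "info" => Some(Level::Info),
        "warn" => Some(Level::Warn),
        "error" => Some(Level::Error),
        _ => None,
    }
}

/// Hypothetical newtype for secrets. Its Debug output is redacted, so any
/// instrumentation that formats arguments with {:?} cannot leak the value.
pub struct Secret(String);

impl Secret {
    /// The only way to read the value; callers must ask for it explicitly.
    pub fn expose(&self) -> &str {
        &self.0
    }
}

impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

/// Simulated "instrumented" entry line: like an `#[instrument]` span, it
/// records every argument via Debug at Info level. Returns the line that
/// would reach the log, or None when the configured threshold suppresses it.
pub fn instrument_entry<A: fmt::Debug, B: fmt::Debug>(
    threshold: Level,
    func: &str,
    user: &A,
    password: &B,
) -> Option<String> {
    if Level::Info < threshold {
        // Workaround from the advisory: a threshold above "info" drops the span.
        return None;
    }
    Some(format!(
        "INFO {}{{user={:?} password={:?}}}: enter",
        func, user, password
    ))
}

/// Faulty variant: the password is a plain &str, so the span line contains it.
pub fn set_password_leaky(threshold: Level, user: &str, password: &str) -> Option<String> {
    instrument_entry(threshold, "set_password", &user, &password)
}

/// Fixed variant: the password is wrapped in Secret, so the same span prints
/// [REDACTED] regardless of the log level.
pub fn set_password_fixed(threshold: Level, user: &str, password: &Secret) -> Option<String> {
    instrument_entry(threshold, "set_password", &user, password)
}

fn main() {
    let pw = "hunter2"; // constructed sample credential, not a real one
    println!("{:?}", set_password_leaky(Level::Info, "idm_admin", pw));
    println!("{:?}", set_password_fixed(Level::Info, "idm_admin", &Secret(pw.to_string())));
    // With the workaround threshold the leaky span is not emitted at all.
    println!("{:?}", set_password_leaky(parse_level("warn").unwrap(), "idm_admin", pw));
}
```

The log-level workaround only hides the line; the span is still built with the secret in it, and any later change to the threshold (or a debug session) exposes it again. The redacting newtype removes the value from every `Debug`-based sink at once, which is why the advisory's real fix is the corrected patchset rather than the environment variable.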

Severity Score

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): HIGH
Availability (A): NONE
