x/vulndb: potential Go vuln in github.com/hashicorp/go-getter: CVE-2022-29810

CVE-2022-29810 references [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter), which may be a Go module.

Description:
The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.

Links:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-29810
- JSON: https://github.com/CVEProject/cvelist/tree/6ab35cd74b6987a707968f7ea093e501411e16c3/2022/29xxx/CVE-2022-29810.json
- Commit: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
- PR: https://github.com/hashicorp/go-getter/pull/348
- https://github.com/hashicorp/go-getter/releases/tag/v1.5.11

See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
module: github.com/hashicorp/go-getter
package: n/a
description: |
    The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile.
cves:
  - CVE-2022-29810
links:
    pr: https://github.com/hashicorp/go-getter/pull/348
    commit: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc
    context:
      - https://github.com/hashicorp/go-getter/releases/tag/v1.5.11

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/hashicorp/go-getter: CVE-2022-29810 #438

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/hashicorp/go-getter: CVE-2022-29810 #438

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions