Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
kanidm-provision leaks provisioned admin credentials into the system log
Vulnerability Description
kanidim-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function intrumentation in the (optional) kanidm patches provided by kandim-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users which both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
kanidm-provision 日志信息泄露漏洞
Vulnerability Description
kanidm-provision是oddlama个人开发者的一个帮助配置 kanidm 的小型实用程序。 kanidm-provision 1.2.0之前版本存在日志信息泄露漏洞,该漏洞源于提供的kanidm补丁中的函数错误导致管理员凭据泄露到系统日志中。
CVSS Information
N/A
Vulnerability Type
N/A