Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs
Vulnerability Description
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. This issue has been fixed in version 1.51.1. If users are unable to immediately upgrade, they can work around this issue by changing the log level to warn or error.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
SpiceDB 安全漏洞
Vulnerability Description
SpiceDB是Authzed团队的一个细粒度权限数据库。 SpiceDB 1.49.0至1.51.0版本存在安全漏洞,该漏洞源于日志记录包含明文密码,可能导致凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A