CVE-2023-30618 Vulnerability Details

CVE-2023-30618 Metadata Quick Info

CVE Published: 21/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: newcontext-oss | Product: kitchen-terraform
Status: PUBLISHED

CVE-2023-30618 Description

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: 3.2 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Exploitability Metrics:
    Attack Vector (AV): LOCAL
    Attack Complexity (AC): LOW
    Privileges Required (PR): LOW
    User Interaction (UI): REQUIRED
    Scope (S): CHANGED

Impact Metrics:
    Confidentiality Impact (C): LOW
    Integrity Impact (I): NONE
    Availability Impact (A): NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-532
CWE Name: CWE-532: Insertion of Sensitive Information into Log File
Source: newcontext-oss


Source: NVD (National Vulnerability Database).