CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.
Configurations

Configuration 1

cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Information

Published : 2020-07-07 07:15

Updated : 2022-08-02 08:44


NVD link : CVE-2020-15095

Mitre link : CVE-2020-15095

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File