github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-4mgv-m5cm-f9h7] Vault GitHub Action did not correctly mask multi-line secrets in output #4568

Open GAEAlimited opened 5 days ago

GAEAlimited commented 5 days ago

Updates

Comments

HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.

JonathanLEvans commented 4 days ago

Hi @GAEAlimited, the pull request seems to be missing the changes you want to make. Could you clarify what you are asking for?