CVE-2020-7654

HIGH

Synk Broker < 4.73.1 - Log Information Exposure

Title source: rule
STIX 2.1

Description

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613

Scores

CVSS v3 7.5
EPSS 0.0028
EPSS Percentile 51.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (2)
npm/snyk-broker 0 - 4.73.1npm
synk/broker < 4.73.1
Published May 29, 2020
Tracked Since Feb 18, 2026