CVE-2024-34529
MEDIUM
Nebari - Exposure of Sensitive Information via Keycloak Root Password
Title source: llm
Description
Nebari through 2024.4.1 prints the temporary Keycloak root password.
References (2)
Core References
Various Sources
https://github.com/nebari-dev/nebari/blob/5463e8df9e8d53a266a7b9d3d4e27353ec43c40b/src/_nebari/deploy.py#L71
Issue Tracking
https://github.com/nebari-dev/nebari/issues/2282
Scores
CVSS v3
4.8
EPSS
0.0010
EPSS Percentile
26.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
pypi/nebari
0PyPI
Published
May 06, 2024
Tracked Since
Feb 18, 2026