You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Line 444 sets result.secret to the user's key, then line 458 logs result, including the secret, to disk.
Notes:
Any modifications/remediation must be implemented in Master Branch as a "hot fix" to CVE Service 1.1.1 in production as well as in the Dev Branch so that the changes make their way into CVE Services 2.x
Potential secrets are being logged to disk in the following block:(https://github.com/CVEProject/cve-services/blob/dev/src/controller/org.controller/org.controller.js#L444-L458)
Line 444 sets result.secret to the user's key, then line 458 logs result, including the secret, to disk.
Notes:
Any modifications/remediation must be implemented in Master Branch as a "hot fix" to CVE Service 1.1.1 in production as well as in the Dev Branch so that the changes make their way into CVE Services 2.x