Impact
What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Patches
Has the problem been patched? Yes, see #3589
What versions should users upgrade to?
- Any version after or including commit 1d6f852
- No release has been created yet.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
- Be aware that
kopia repo status --json will write the credentials to the output without scrubbing them.
- Avoid executing
kopia repo status with the --json flag in an insecure environment where.
- Avoid logging the output of the
kopia repo status --json command.
Impact
What kind of vulnerability is it? Who is impacted?
Storage credentials are written to the console.
Patches
Has the problem been patched? Yes, see #3589
What versions should users upgrade to?
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
kopia repo status --jsonwill write the credentials to the output without scrubbing them.kopia repo statuswith the--jsonflag in an insecure environment where.kopia repo status --jsoncommand.