CVE Alert

CVE-2022-3474

UNKNOWN 0.0

Bazel leaks user credentials through the remote assets API

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials with each request instead of only the ones that request requires. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.

CWE: CWE-522
Vendor: google llc
Product: bazel
Published: Oct 26, 2022
Last Updated: Aug 3, 2024

Affected Versions

Google LLC / Bazel
5.0.0 < 5.3.2
4.0.0 < 4.2.3
3.0.0 < 3.7.2

References

github.com: https://github.com/bazelbuild/bazel/security/advisories/GHSA-mxr8-q875-rhwq

Credits

https://github.com/Yannic