CVE-2024-6833: Zowe CLI allows storage of previously entered secure credentials in a plaintext file

July 17, 2024

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.

References

github.com/advisories/GHSA-ghgq-x6wc-6jr5
github.com/zowe/zowe-cli
github.com/zowe/zowe-cli/commit/6778da5e03c65dfcd3e6e4b4097b94d9fbd5d01b
nvd.nist.gov/vuln/detail/CVE-2024-6833

Code Behaviors & Features

Detect and mitigate CVE-2024-6833 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →