1 results (0.001 seconds)
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0
CVE-2023-30610 – AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
https://notcve.org/view.php?id=CVE-2023-30610
aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. • https://github.com/awslabs/aws-sdk-rust/security/advisories/GHSA-mjv9-vp6w-3rc9 • CWE-532: Insertion of Sensitive Information into Log File •