CVE-2024-36127 – apko Exposure of HTTP basic auth credentials in log output

https://notcve.org/view.php?id=CVE-2024-36127

apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5. apko es un creador de imágenes OCI basado en apk. apko expone las credenciales de autenticación básica HTTP del repositorio y las URL del conjunto de claves en la salida del registro. Esta vulnerabilidad se solucionó en v0.14.5. • https://github.com/chainguard-dev/apko/commit/2c0533e4d52e83031a04f6a83ec63fc2a11eff01 https://github.com/chainguard-dev/apko/security/advisories/GHSA-v6mg-7f7p-qmqp • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •