Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published 2023-04-21 20:15:08
Updated 2023-05-04 12:37:53
Source GitHub, Inc.

Products affected by CVE-2023-30618

Exploit prediction scoring system (EPSS) score for CVE-2023-30618

EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~7% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2023-30618

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
| 3.2 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N | 1.5 | 1.4 | GitHub, Inc. | |

CWE ids for CVE-2023-30618

References for CVE-2023-30618
