Published: 07/07/2020 Updated: 07/11/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Versions of the npm CLI before 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
npmjs npm
opensuse leap 15.1
opensuse leap 15.2
fedoraproject fedora 33

Debian Bug report logs - #964746 npm: CVE-2020-15095 Package: src:npm; Maintainer for src:npm is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 9 Jul 2020 20:39:02 UTC Severity: important Tags: security, upstream Found i ...

Synopsis Moderate: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Comm ...

Synopsis Moderate: rh-nodejs10-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:10 security update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...

CWE-532 https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07 https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html https://security.gentoo.org/glsa/202101-07 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964746 https://nvd.nist.gov

CVE-2020-15095

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect