Exposure of Sensitive System Information Due to Uncleared Debug Information

CVE-2022-39292

High

7.5/10

Summary

Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slack webhooks may disable or filter debug logs.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information

The hardware does not fully clear security-sensitive values, such as keys and intermediate values in cryptographic operations, when debug mode is entered.

References

Advisory Timeline

Published Oct 10, 2022

Exposure of Sensitive System Information Due to Uncleared Debug Information

CVE-2022-39292

Summary

CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS