#VU71422 Insufficiently protected credentials in SCS Library Client - CVE-2022-23538
Published: January 23, 2023
Vulnerability identifier: #VU71422
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-23538
CWE-ID: CWE-522
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SCS Library Client
SCS Library Client
Software vendor:
Sylabs
Sylabs
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to insufficiently protected credentials when pulling container images. A remote administrator can obtain the HTTP Authorization header.
Remediation
Install updates from vendor's website.
External links
- https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
- https://github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2
- https://github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c
- https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7