CVE-2024-52582

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52582
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52582.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52582
Aliases
  • GHSA-w9qc-9m5h-qqmh
Published
2024-11-19T15:32:26Z
Modified
2025-10-25T06:48:19.478691Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
cachi2 allows traceback prints locals
Details

Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available.

Database specific 
{
    "cwe_ids": [
        "CWE-497"
    ]
}
References

Affected packages

Git / github.com/containerbuildsystem/cachi2

Affected ranges

Type
GIT
Repo
https://github.com/containerbuildsystem/cachi2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9

Affected versions

0.*

0.0.0
0.1.0
0.10.0
0.11.0
0.12.0
0.13.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1

Git / github.com/containerbuildsystem/cachi2

Affected ranges

Type
GIT
Repo
https://github.com/hermetoproject/hermeto
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d6638e5e14474061a1ab1ba5d0ee72f58b9a11a9

Affected versions

0.*

0.0.0
0.1.0
0.10.0
0.11.0
0.12.0
0.13.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1