GHSA-fc4h-xcf3-qj5f

Source

https://github.com/advisories/GHSA-fc4h-xcf3-qj5f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-fc4h-xcf3-qj5f/GHSA-fc4h-xcf3-qj5f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fc4h-xcf3-qj5f

Aliases

RUSTSEC-2022-0062

Published

2022-10-25T20:22:19Z

Modified

2023-11-08T04:18:56.332015Z

Summary

matrix-sdk 0.6.0 logs access tokens

Details

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these logs will contain the user's access token.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed_at": "2022-10-25T20:22:19Z",
    "cwe_ids": [],
    "nvd_published_at": null,
    "github_reviewed": true
}

References

Affected packages

crates.io / matrix-sdk

Package

Name: matrix-sdk; View open source insights on deps.dev
Purl: pkg:cargo/matrix-sdk

Affected ranges

Type: SEMVER
Events: Introduced

0.6.0

Fixed

0.6.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-fc4h-xcf3-qj5f/GHSA-fc4h-xcf3-qj5f.json"