Moderate severityNVD Advisory· Published Jul 7, 2020· Updated Aug 4, 2024
Sensitive information exposure through logs in npm cli
CVE-2020-15095
Description
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
npmnpm | < 6.14.6 | 6.14.6 |
Affected products
131- osv-coords130 versionspkg:apk/chainguard/code-serverpkg:apk/chainguard/code-server-compatpkg:apk/chainguard/gitlab-rails-ce-18.1pkg:apk/chainguard/gitlab-rails-ce-18.2pkg:apk/chainguard/gitlab-rails-ce-18.3pkg:apk/chainguard/gitlab-rails-ce-18.4pkg:apk/chainguard/gitlab-rails-ce-18.5pkg:apk/chainguard/gitlab-rails-ce-18.6pkg:apk/chainguard/gitlab-rails-ce-18.7pkg:apk/chainguard/gitlab-rails-ce-assets-18.1pkg:apk/chainguard/gitlab-rails-ce-assets-18.10pkg:apk/chainguard/gitlab-rails-ce-assets-18.11pkg:apk/chainguard/gitlab-rails-ce-assets-18.2pkg:apk/chainguard/gitlab-rails-ce-assets-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-18.4pkg:apk/chainguard/gitlab-rails-ce-assets-18.5pkg:apk/chainguard/gitlab-rails-ce-assets-18.6pkg:apk/chainguard/gitlab-rails-ce-assets-18.7pkg:apk/chainguard/gitlab-rails-ce-assets-18.8pkg:apk/chainguard/gitlab-rails-ce-assets-18.9pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.10pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.11pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.2pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.7pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.8pkg:apk/chainguard/gitlab-rails-ce-assets-fips-18.9pkg:apk/chainguard/gitlab-rails-ce-doc-18.1pkg:apk/chainguard/gitlab-rails-ce-doc-18.2pkg:apk/chainguard/gitlab-rails-ce-doc-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-18.4pkg:apk/chainguard/gitlab-rails-ce-doc-18.5pkg:apk/chainguard/gitlab-rails-ce-doc-18.6pkg:apk/chainguard/gitlab-rails-ce-doc-18.7pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.2pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-doc-fips-18.7pkg:apk/chainguard/gitlab-rails-ce-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-fips-18.2pkg:apk/chainguard/gitlab-rails-ce-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-fips-18.7pkg:apk/chainguard/gitlab-rails-ee-17.0pkg:apk/chainguard/gitlab-rails-ee-17.1pkg:apk/chainguard/gitlab-rails-ee-17.10pkg:apk/chainguard/gitlab-rails-ee-17.11pkg:apk/chainguard/gitlab-rails-ee-17.2pkg:apk/chainguard/gitlab-rails-ee-17.3pkg:apk/chainguard/gitlab-rails-ee-17.4pkg:apk/chainguard/gitlab-rails-ee-17.6pkg:apk/chainguard/gitlab-rails-ee-17.7pkg:apk/chainguard/gitlab-rails-ee-17.8pkg:apk/chainguard/gitlab-rails-ee-17.9pkg:apk/chainguard/gitlab-rails-ee-assets-17.10pkg:apk/chainguard/gitlab-rails-ee-assets-17.11pkg:apk/chainguard/gitlab-rails-ee-assets-17.2pkg:apk/chainguard/gitlab-rails-ee-assets-17.3pkg:apk/chainguard/gitlab-rails-ee-assets-17.4pkg:apk/chainguard/gitlab-rails-ee-assets-17.6pkg:apk/chainguard/gitlab-rails-ee-assets-17.7pkg:apk/chainguard/gitlab-rails-ee-assets-17.8pkg:apk/chainguard/gitlab-rails-ee-assets-17.9pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.10pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.11pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.3pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.4pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.6pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.7pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.8pkg:apk/chainguard/gitlab-rails-ee-assets-fips-17.9pkg:apk/chainguard/gitlab-rails-ee-doc-17.10pkg:apk/chainguard/gitlab-rails-ee-doc-17.11pkg:apk/chainguard/gitlab-rails-ee-doc-17.2pkg:apk/chainguard/gitlab-rails-ee-doc-17.3pkg:apk/chainguard/gitlab-rails-ee-doc-17.4pkg:apk/chainguard/gitlab-rails-ee-doc-17.6pkg:apk/chainguard/gitlab-rails-ee-doc-17.7pkg:apk/chainguard/gitlab-rails-ee-doc-17.8pkg:apk/chainguard/gitlab-rails-ee-doc-17.9pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.10pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.11pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.3pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.4pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.6pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.7pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.8pkg:apk/chainguard/gitlab-rails-ee-doc-fips-17.9pkg:apk/chainguard/gitlab-rails-ee-fips-17.0pkg:apk/chainguard/gitlab-rails-ee-fips-17.1pkg:apk/chainguard/gitlab-rails-ee-fips-17.10pkg:apk/chainguard/gitlab-rails-ee-fips-17.11pkg:apk/chainguard/gitlab-rails-ee-fips-17.2pkg:apk/chainguard/gitlab-rails-ee-fips-17.3pkg:apk/chainguard/gitlab-rails-ee-fips-17.4pkg:apk/chainguard/gitlab-rails-ee-fips-17.6pkg:apk/chainguard/gitlab-rails-ee-fips-17.7pkg:apk/chainguard/gitlab-rails-ee-fips-17.8pkg:apk/chainguard/gitlab-rails-ee-fips-17.9pkg:apk/wolfi/code-serverpkg:apk/wolfi/code-server-compatpkg:npm/npmpkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs8&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2
< 0+ 129 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.14.6
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 10.22.1-lp152.2.6.1
- (no CPE)range: < 12.18.4-lp152.3.6.1
- (no CPE)range: < 14.17.5-1.2
- (no CPE)range: < 8.17.0-lp151.2.21.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 10.22.1-1.30.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 10.22.1-1.27.1
- (no CPE)range: < 12.18.4-1.20.1
- (no CPE)range: < 12.18.4-4.6.1
- (no CPE)range: < 8.17.0-3.38.1
- (no CPE)range: < 8.17.0-10.3.1
Patches
Vulnerability mechanics
References
11- lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-93f3-23rq-pjfpghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-15095ghsaADVISORY
- security.gentoo.org/glsa/202101-07ghsavendor-advisoryx_refsource_GENTOOWEB
- github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.mdghsax_refsource_MISCWEB
- github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbcghsax_refsource_MISCWEB
- github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfpghsax_refsource_CONFIRMWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6ghsaWEB
News mentions
0No linked articles in our index yet.