Information Exposure Vulnerability in npm CLI: Passwords Printed in Log Files
CVE-2020-15095 · MEDIUM Severity
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
Learn more about our User Device Pen Test.