Base Score

MEDIUM5.9

CVE-2024-6833

A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation.

VectorLOCAL

Published Byzowe-security@lists.openmainframeproject.org

Published DateJul 17, 2024, 15:15

Affected Versions(1)

@zowe/cli(npm)

Introduced7.18.0

Fixed7.23.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
@zowe/cli(npm)	7.18.0	7.23.5	N/A

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://github.com/zowe/zowe-cli/

Base Score

MEDIUM5.9

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE