[NEXUS-25019] CVE-2020-24622: S3 secret key can be exposed by admin user - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.26.1
Fix Version/s: 3.27.0
Component/s: S3, Security
Labels:

Release Note:

Yes

Description

A nefarious admin user can retrieve the plain text of the S3 secret key

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Taylor

Last Updated By:: Joseph Stephens

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/21/20 09:29 PM

Updated:: 10/21/20 06:42 PM

Resolved:: 09/03/20 04:50 PM

tigCommentSecurity.panel-title