Skip to content

matrix-sdk 0.6.0 logs access tokens

Moderate severity GitHub Reviewed Published Oct 25, 2022 to the GitHub Advisory Database • Updated Jan 7, 2023

Package

cargo matrix-sdk (Rust)

Affected versions

>= 0.6.0, < 0.6.2

Patched versions

0.6.2

Description

When sending Matrix requests using an affected version of matrix-sdk in an application that writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as tracing_subscribers default text output from the fmt module), these logs will contain the user's access token.

References

Published to the GitHub Advisory Database Oct 25, 2022
Reviewed Oct 25, 2022
Last updated Jan 7, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-fc4h-xcf3-qj5f

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.