Description
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- ibm / devops_deploy8.0.0.0 – 8.0.0.0
- ibm / devops_deploy8.0.1.4 – 8.0.1.4
- ibm / devops_deploy8.1.0.0 – 8.1.0.0
- ibm / urbancode_deploy7.1.2.21 – 7.1.2.21
- ibm / urbancode_deploy7.2 – 7.2
- ibm / urbancode_deploy7.0 – 7.0
- ibm / urbancode_deploy7.3 – 7.3
- ibm / urbancode_deploy7.3.2.9 – 7.3.2.9
- ibm / urbancode_deploy7.2.3.14 – 7.2.3.14
- ibm / urbancode_deploy7.0.5.25 – 7.0.5.25
- ibm / urbancode_deploy7.1 – 7.1