Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
GHSA-65g2-x53q-cmf6 · CVE-2023-30618
Published · Modified
Description
Summary
Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive values to the terminal by default.
Original Report
@brettcurtis:
Hopefully, I'm not doing something stupid here, but I'm seeing sensitive outputs printed in the kitchen output. You can check this action for an example: https://github.com/osinfra-io/terraform-google-project/actions/runs/4700065515/jobs/8334277309#step:5:215
It's not really a sensitive value just used it as an example.
References
- WEB https://github.com/newcontext-oss/kitchen-terraform/security/advisories/GHSA-65g2-x53q-cmf6
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-30618
- WEB https://github.com/newcontext-oss/kitchen-terraform/commit/3d20d60e7a891e2dd747df995a31226fa0b4ac48
- PACKAGE https://github.com/newcontext-oss/kitchen-terraform
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/kitchen-terraform/CVE-2023-30618.yml
Ready to move
Start Securing
Free, no credit card | First findings in minutes