{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6833", "assignerOrgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78", "state": "PUBLISHED", "assignerShortName": "Zowe", "dateReserved": "2024-07-17T14:41:37.247Z", "datePublished": "2024-07-17T14:41:37.598Z", "dateUpdated": "2024-08-01T21:45:38.354Z"}, "containers": {"cna": {"title": "Zowe CLI Auto-Init Leaks Credentials Locally", "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-257: Storing Passwords in a Recoverable Format"}]}, {"descriptions": [{"lang": "en", "description": "CWE-313: Cleartext Storage in a File or on Disk"}]}], "affected": [{"vendor": "Open Mainframe Project", "product": "Zowe", "versions": [{"version": "7.18.0", "status": "affected", "lessThan": "7.23.5", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 5.9, "baseSeverity": "MEDIUM", "version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N"}}], "solutions": [{"lang": "en", "value": "This issue is fixed in Zowe CLI 7.23.5 or later, included as part of Zowe 2.16.0 or later."}], "exploits": [{"lang": "en", "value": "There are no known exploits of this issue."}], "credits": [{"lang": "en", "value": "Broadcom Inc.", "type": "reporter"}], "providerMetadata": {"orgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78", "shortName": "Zowe", "dateUpdated": "2024-07-17T14:41:37.598Z"}, "references": [{"tags": ["product"], "url": "https://github.com/zowe/zowe-cli/"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T15:25:46.275201Z", "id": "CVE-2024-6833", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:26:04.582Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.354Z"}, "title": "CVE Program Container", "references": [{"tags": ["product", "x_transferred"], "url": "https://github.com/zowe/zowe-cli/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/zowe/zowe-cli/", "tags": ["product", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.354Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6833", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T15:25:46.275201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:26:00.409Z"}}], "cna": {"title": "Zowe CLI Auto-Init Leaks Credentials Locally", "credits": [{"lang": "en", "type": "reporter", "value": "Broadcom Inc."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C/CR:M/IR:X/AR:X/MAV:L/MAC:L/MPR:L/MUI:R/MS:C/MC:H/MI:N/MA:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Open Mainframe Project", "product": "Zowe", "versions": [{"status": "affected", "version": "7.18.0", "lessThan": "7.23.5", "versionType": "semver"}]}], "exploits": [{"lang": "en", "value": "There are no known exploits of this issue."}], "solutions": [{"lang": "en", "value": "This issue is fixed in Zowe CLI 7.23.5 or later, included as part of Zowe 2.16.0 or later."}], "references": [{"url": "https://github.com/zowe/zowe-cli/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-257: Storing Passwords in a Recoverable Format"}]}, {"descriptions": [{"lang": "en", "description": "CWE-313: Cleartext Storage in a File or on Disk"}]}], "providerMetadata": {"orgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78", "shortName": "Zowe", "dateUpdated": "2024-07-17T14:41:37.598Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6833", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:45:38.354Z", "dateReserved": "2024-07-17T14:41:37.247Z", "assignerOrgId": "b1336bef-059d-4e13-b11b-9a6ef21b3c78", "datePublished": "2024-07-17T14:41:37.598Z", "assignerShortName": "Zowe"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in Zowe CLI allows local, privileged actors to store previously entered secure credentials in a plaintext file as part of an auto-init operation."}, {"lang": "es", "value": "Una vulnerabilidad en Zowe CLI permite a actores locales privilegiados almacenar credenciales seguras ingresadas previamente en un archivo de texto plano como parte de una operaci\u00f3n de inicio autom\u00e1tico."}], "id": "CVE-2024-6833", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-07-17T15:15:14.783", "references": [{"source": "[email protected]", "url": "https://github.com/zowe/zowe-cli/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/zowe/zowe-cli/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred"}

{}

{}