CVE-2023-30618

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-30618

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30618.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-30618

Aliases

GHSA-65g2-x53q-cmf6

Published

2023-04-21T19:34:56Z

Modified

2025-10-20T20:17:36.614451Z

Severity

3.2 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Details

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-532"
    ]
}

References

Affected packages

Git / github.com/newcontext-oss/kitchen-terraform

Affected ranges

Type: GIT
Repo: https://github.com/newcontext-oss/kitchen-terraform
Events: Introduced

805d8fcb99893781f717615ed9664c9d84bda633

Fixed

3d20d60e7a891e2dd747df995a31226fa0b4ac48

Affected versions

v7.*

v7.0.0