CVE-2023-46255
- Source
- https://cve.org/CVERecord?id=CVE-2023-46255
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46255.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-46255
- Aliases
- Related
- Published
- 2023-10-31T15:25:24.933Z
- Modified
- 2026-05-16T11:53:10.100560646Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed
- Details
-
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains
:) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue. - Database specific
{ "cwe_ids": [ "CWE-532" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46255.json" }- References