Rewterz Threat Advisory – Citrix ADC, Gateway and Citrix SD-WAN WANOP Multiple Security Vulnerabilities
July 9, 2020Rewterz Threat Alert – Trickbot – Banking Trojan IOCs
July 9, 2020Rewterz Threat Advisory – Citrix ADC, Gateway and Citrix SD-WAN WANOP Multiple Security Vulnerabilities
July 9, 2020Rewterz Threat Alert – Trickbot – Banking Trojan IOCs
July 9, 2020Severity
Medium
Analysis Summary
Node.js npm-registry-fetch module could allow a remote attacker to obtain sensitive information, caused by the storing of user credentials in the log file. By gaining access to the log files, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system.
Impact
Exposure of sensitive Information
Affected Vendors
NodeJs
Affected Products
- Node.js npm-registry-fetch 4.0.4
- Node.js npm-registry-fetch 8.1.0
Remediation
Upgrade to the latest version of npm-registry-fetch (4.0.5, 8.1.1 or later)