Description
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Remediation
References
https://updates.snyk.io/snyk-broker-security-fixes-152338
https://snyk.io/vuln/SNYK-JS-SNYKBROKER-570613
Related Vulnerabilities
CVE-2019-16538 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2019-16568 Vulnerability in maven package hudson.plugins.sctmexecutor:sctmexecutor
CVE-2020-13692 Vulnerability in maven package org.postgresql:postgresql
CVE-2018-20677 Vulnerability in maven package org.webjars.npm:bootstrap-sass
CVE-2017-15717 Vulnerability in maven package org.apache.sling:org.apache.sling.xss