CVE-2022-3474
26.10.2022, 19:15
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bazel | 5.3.2 < 𝑥 < 5.3.2 | |
| bazel | 4.2.3 < 𝑥 < 4.2.3 | |
| bazel | 3.7.2 < 𝑥 < 3.7.2 | |
| bazel | 3.1.0 ≤ 𝑥 < 4.2.3 | |
| bazel | 5.0.0 ≤ 𝑥 < 5.3.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration