CVE-2024-41178HIGHCVSS 7.5≥ 0.5.0, ≤ 0.10.12024-07-23
CVE-2024-41178 [HIGH] CWE-532 CVE-2024-41178: Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate),
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens.
On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdenti
cvelistv5nvd