GHSA-qhh4-458h-xwh2: Credential Leakage via Origin Validation Error in cdxgen

DEV Community·CVE Reports·24 days ago

Vulnerability ID: GHSA-QHH4-458H-XWH2
CVSS Score: 5.3
Published: 2026-05-08

The @cyclonedx/cdxgen package is vulnerable to credential leakage due to improper Docker registry origin validation. A flaw in how registry authentication endpoints are matched against configured credentials allows arbitrary downstream registries to capture private credentials.

TL;DR

Versions 9.9.5 through 12.3.2 of @cyclonedx/cdxgen leak Docker registry credentials due to an insecure substring matching implementation. Upgrading to version 12.3.3 resolves the vulnerability by introducing strict hostname normalization.…
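The difference between substring matching and normalized hostname matching, as an added example that is not cdxgen's code or its actual fix. The function names, hostnames and credential value are assumptions constructed for illustration.

```javascript
// Added illustration; not cdxgen's code. Hostnames and the credential are constructed.
const configuredAuths = {
  "registry.example.com": { auth: "constructed-placeholder" },
};

// Weak pattern: a configured name that appears anywhere in the URL counts as a match.
function findAuthBySubstring(auths, registryUrl) {
  for (const [key, entry] of Object.entries(auths)) {
    if (registryUrl.includes(key)) return entry;
  }
  return undefined;
}

// Reduce a registry reference to a canonical "host[:port]" string.
function normalizeRegistryHost(value) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(value) ? value : `https://${value}`;
  let url;
  try {
    url = new URL(withScheme);
  } catch {
    return undefined; // unparseable input never matches
  }
  if (url.username || url.password) return undefined; // no userinfo in registry hosts
  const host = url.hostname.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return url.port ? `${host}:${url.port}` : host; // default port is already elided
}

// Stricter pattern: credentials are returned only on an exact normalized host match.
function findAuthByExactHost(auths, registryUrl) {
  const wanted = normalizeRegistryHost(registryUrl);
  if (!wanted) return undefined;
  for (const [key, entry] of Object.entries(auths)) {
    if (normalizeRegistryHost(key) === wanted) return entry;
  }
  return undefined;
}

// Constructed endpoints: one legitimate, two that merely contain the configured name.
const samples = [
  "https://Registry.Example.com/v2/",
  "https://registry.example.com.other.test/v2/",
  "https://other.test/v2/registry.example.com/",
];
for (const url of samples) {
  const weak = Boolean(findAuthBySubstring(configuredAuths, url));
  const strict = Boolean(findAuthByExactHost(configuredAuths, url));
  console.log(`${url} substring=${weak} exact=${strict}`);
}
```

The substring check also misses the legitimate mixed-case host, so it fails in both directions: it hands credentials to the wrong origin and withholds them from the right one.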
