AIKIDO-2024-10151

@pulumi/okta is vulnerable to Information Disclosure

40

Medium

@pulumi/okta

AIKIDO-2024-10151: @pulumi/okta is vulnerable to Information Disclosure in versions 1.0.0 - 4.9.0.

Information Disclosure
Vuln in 1.0.0 - 4.9.0
Fixed in 4.9.1
No CVE available
TL;DR

Affected versions of @pulumi/okta did not mark sensitive keys as sensitive, which caused them to be exposed in Pulumi's state file (for example, when running pulumi preview --diff).

Who does this affect?

You're affected if you use a vulnerable version of @pulumi/okta.

How can it be fixed?

Upgrade @pulumi/okta to a patched version (fixed in 4.9.1).
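To check whether a stack's state already holds such values in plaintext, the following added example (not code from Aikido or the Pulumi project) audits the parsed JSON from `pulumi stack export` for Okta resource properties that look sensitive but are not wrapped as Pulumi secrets. The property-name heuristic and the sample resources are assumptions; the advisory does not list the affected keys.

```javascript
// Signature Pulumi writes on a secret value serialized into stack state.
const SIG_KEY = "4dabf18193072939515e22adb298388d";
const SECRET_SIG = "1b47061264138c4ac30d75fd1eb44270";
// Assumption: name heuristic; the advisory does not list the affected keys.
const SENSITIVE_NAME = /(secret|token|password|private_?key)/i;

const isSecretEnvelope = (v) =>
  v !== null && typeof v === "object" && v[SIG_KEY] === SECRET_SIG;
const isOkta = (type) =>
  String(type).startsWith("okta:") || type === "pulumi:providers:okta";

// Collect paths of sensitive-looking keys whose value is a bare string.
function walk(value, path, hits) {
  if (value === null || typeof value !== "object" || isSecretEnvelope(value)) return;
  for (const [k, v] of Object.entries(value)) {
    const p = Array.isArray(value) ? `${path}[${k}]` : path ? `${path}.${k}` : k;
    if (typeof v === "string" && v !== "" && SENSITIVE_NAME.test(k)) hits.push(p);
    else walk(v, p, hits);
  }
}

// Takes the parsed JSON from `pulumi stack export`; returns plaintext findings.
function findPlaintextSecrets(stackExport) {
  const findings = [];
  for (const r of stackExport?.deployment?.resources ?? []) {
    if (!isOkta(r.type)) continue;
    for (const section of ["inputs", "outputs"]) {
      const hits = [];
      walk(r[section], "", hits);
      for (const property of hits) findings.push({ urn: r.urn, section, property });
    }
  }
  return findings;
}

// Constructed sample export (URNs, names and values are made up).
const SAMPLE_EXPORT = { version: 3, deployment: { resources: [
  { urn: "urn:pulumi:dev::demo::okta:app/oAuth:OAuth::portal",
    type: "okta:app/oAuth:OAuth",
    outputs: { label: "portal", clientSecret: "constructed-plaintext-value" } },
  { urn: "urn:pulumi:dev::demo::okta:app/oAuth:OAuth::billing",
    type: "okta:app/oAuth:OAuth",
    outputs: { label: "billing",
      clientSecret: { [SIG_KEY]: SECRET_SIG, ciphertext: "constructed" } } },
  { urn: "urn:pulumi:dev::demo::random:index/randomPassword:RandomPassword::pw",
    type: "random:index/randomPassword:RandomPassword",
    outputs: { password: "ignored-not-okta" } },
] } };

console.log(findPlaintextSecrets(SAMPLE_EXPORT));
```

Any finding reports only the resource URN and property path, never the value itself, so the output is safe to paste into a ticket.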

© 2024 Aikido Security BV | BE0792914919