CVE-2022-39397 MEDIUM

CVE-2022-39397: Exposure of sensitive information in aliyun-oss-client

Vendor Tu6Ge

Product oss-rs

Weakness CWE-200 · Info exposure

Published November 22, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

5.6/10

Attack vector Physical

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of this library will be affected, the incoming secret will be disclosed unintentionally. This issue has been patched in version 0.8.1.

Key dates

02Disclosure timeline

November 22, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39397 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-28164 Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) CVE-2025-11697 Studio 5000 ® Simulation Interface Local Code Execution CVE-2025-11634 Tomofun Furbo 360/Furbo Mini UART information disclosure CVE-2019-7005 Unauthenticated Information Disclosure Vulnerability in IP Office CVE-2024-31219 Discourse-reactions' reaction data and public topic whisper content exposed on reactions given user activity page