Werk 17145 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Information leak in mknotifyd Class: security Compatible: compat Component: notifications Date: 1721042620 Edition: cee Level: 1 Version: 2.2.0p36 When a notification context is sent to mknotifyd a "result message" is generated by mknotifyd and sent back so the original site so it can show if there were problems handling that notification. This result message could contain secrets that were not meant to be sent to remote sites, e.g. passwords/secrets. These secrets were not processed by the remote site but a rough site would have been able to retrieve these. This issue was found during internal review. <em>Affected Versions</em>: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL) <em>Vulnerability Management</em>: We have rated the issue with a CVSS Score of 5.3 Medium (<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</code>) and assigned <code>CVE-2024-6747</code>. ------------------------------------<diff>------------------------------------------- Title: Information leak in mknotifyd Class: security Compatible: compat Component: notifications Date: 1721042620 Edition: cee Level: 1 - Version: 2.2.0p35 ? ^ + Version: 2.2.0p36 ? ^ When a notification context is sent to mknotifyd a "result message" is generated by mknotifyd and sent back so the original site so it can show if there were problems handling that notification. This result message could contain secrets that were not meant to be sent to remote sites, e.g. passwords/secrets. These secrets were not processed by the remote site but a rough site would have been able to retrieve these. This issue was found during internal review. <em>Affected Versions</em>: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL) <em>Vulnerability Management</em>: We have rated the issue with a CVSS Score of 5.3 Medium (<code>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</code>) and assigned <code>CVE-2024-6747</code>.