Janssen Project Password Logging Vulnerability in CLI Tool

Vulnerability

The Janssen Project CLI tool, in version 1.9.0 and prior, logs passwords in plaintext to the local 'cli_cmd.log' file. This issue has been addressed in the nightly prerelease and version 1.10.0.

Impact

This vulnerability could lead to unauthorized access to sensitive information, as plaintext passwords could be read by anyone with access to the log file.

Reproduction

The vulnerability can be reproduced by using the Janssen CLI tool to create a user or change a user's password. The password will be logged in plaintext in the 'cli_cmd.log' file.

Remediation

Users can upgrade to the nightly prerelease or version 1.10.0 to address this vulnerability.
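
An added example, not part of the advisory or the Janssen code base, for masking password values in an existing 'cli_cmd.log' written by an affected version. The log line layouts and key names it matches are assumptions (the advisory does not show the log format), and the sample lines are constructed.

```python
import os
import re
import tempfile

# Assumed layouts (the real cli_cmd.log format is not shown in the advisory):
#   JSON/dict style:  "userPassword": "value"   or   'userPassword': 'value'
#   flag style:       --user-password value     or   --password=value
_PAIR = re.compile(
    r"""(["'][^"']*(?:password|secret)[^"']*["']\s*:\s*)(["'])(?:\\.|(?!\2).)*\2""",
    re.IGNORECASE)
_FLAG = re.compile(r"(--?[\w-]*(?:password|secret)[\w-]*(?:\s+|=))(\S+)",
                   re.IGNORECASE)
MASK = "[REDACTED]"

# Constructed sample lines, not real Janssen CLI output.
SAMPLE = (
    '2025-08-01 10:00:00 POST /user {"userId": "alice", "userPassword": "S3cr3t!"}\n'
    "2025-08-01 10:01:00 cmd --user-password hunter2 --inum 1234\n"
    "2025-08-01 10:02:00 GET /user?limit=10\n"
)

def redact_line(line):
    """Return (line with secret values masked, True if anything was masked)."""
    line, n1 = _PAIR.subn(lambda m: m.group(1) + m.group(2) + MASK + m.group(2), line)
    line, n2 = _FLAG.subn(lambda m: m.group(1) + MASK, line)
    return line, bool(n1 or n2)

def scrub_log(path):
    """Rewrite the log in place with secrets masked; return lines changed."""
    changed = 0
    folder = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=folder)  # mkstemp creates the file owner-only (0600)
    with os.fdopen(fd, "w", encoding="utf-8") as out, \
            open(path, encoding="utf-8", errors="replace") as src:
        for line in src:
            clean, hit = redact_line(line)
            changed += hit
            out.write(clean)
    os.replace(tmp, path)  # atomic swap; the scrubbed file keeps the 0600 mode
    return changed

if __name__ == "__main__":
    demo = os.path.join(tempfile.mkdtemp(), "cli_cmd.log")
    with open(demo, "w", encoding="utf-8") as f:
        f.write(SAMPLE)
    print(scrub_log(demo), "line(s) redacted")
    print(open(demo, encoding="utf-8").read(), end="")
```

Masking the file does not undo earlier exposure, so passwords that appeared in it should be changed.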

Added: Aug 6, 2025, 12:22 AM
Updated: Aug 6, 2025, 12:22 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.