CVE CVE-2020-15095 Mappings

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also to any generated log files.


Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-15095 cli primary_impact T1552 Unsecured Credentials