ZoweUsers: NPM vulnerability affecting Zowe CLI secure-credentials-store from Nov 4 to Nov 5 2021 #1362
Joe-Winchester
announced in
Announcements
ZoweUsers: NPM vulnerability affecting Zowe CLI secure-credentials-store from Nov 4 to Nov 5 2021
#1362
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We were informed of a published vulnerability in NPM dependencies which affected Zowe CLI’s secure-credential-store during the time period of Nov 4th to Nov 5th. If you installed the plugin from npmjs.org during the vulnerable window of time via a direct command line install, you should follow the recommended resolution steps from the security advisory here
You are not affected if you downloaded the secure credential store plugin from zowe.org or a Zowe support conformant vendor (IBM or Broadcom).
You are not affected if you downloaded from any source prior to Nov 4.
The following component versions were affected:
@zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts
@zowe/secure-credential-store-for-zowe-cli@latest
If you issued one of these commands Nov 4 or Nov 5, you should follow the above resolution steps:
“zowe plugins install @zowe/secure-credential-store-for-zowe-cli@zowe-v1-lts”
“zowe plugins install @zowe/secure-credential-store-for-zowe-cli@latest”
If you are a Zowe Developer please read the associated announcement ZoweDevelopers: NPM Vulnerabiity affecting Zowe components APIML, Zowe Desktop, Zowe CLI and Imperative
Beta Was this translation helpful? Give feedback.
All reactions