CVE-2022-0725 (https://github.com/ByteHackr/keepass_poc): A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. No reference to any upstream issue.
The issue seems to be gone in version 2.54 [1], but it is not clear when it was fixed.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2052696#c42
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bebd95d0421c9e351075775e32f4d7b24bdb201

commit 2bebd95d0421c9e351075775e32f4d7b24bdb201
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-09-02 12:08:17 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-09-02 12:08:33 +0000

    app-admin/keepass: drop 2.49, 2.53, 2.56

    Bug: https://bugs.gentoo.org/835074
    Bug: https://bugs.gentoo.org/908040
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 app-admin/keepass/Manifest                         |   3 -
 .../files/keepass-2.36-xsl-path-detection.patch    |  43 --------
 app-admin/keepass/keepass-2.49.ebuild              | 116 ---------------------
 app-admin/keepass/keepass-2.53.ebuild              | 116 ---------------------
 app-admin/keepass/keepass-2.56.ebuild              | 116 ---------------------
 5 files changed, 394 deletions(-)