kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the (optional) kanidm patches provided by kanidm-provision causes the provisioned admin credentials to be leaked to the system log. This only impacts users who both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`.
Reserved 2025-03-18 | Published 2025-03-24 | Updated 2025-03-24 | Assigner GitHub_M
CWE-532: Insertion of Sensitive Information into Log File
github.com/...vision/security/advisories/GHSA-57fc-pcqm-53rp
github.com/...ommit/a102b52e4a79be4263068577ba837f16c3e487a2