In versions of the auth0 npm package before 2.27.1, the request object contained in the error object is sanitized using a DenyList of specific keys. The key for the Authorization header is not sanitized, so in certain cases the Authorization header value can be logged, exposing a bearer token. You are affected by this vulnerability if you are using the auth0 npm package and you are using a Machine to Machine application authorized to use Auth0's management API.
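The sketch below is an added illustration of the failure mode described above, not code from the auth0 package or its fix: a denylist sanitizer that misses the Authorization key, next to a stricter alternative. The key lists, the sample error object and the function names are all assumptions.

```javascript
// Illustration only, not the auth0 package's code; all key names are assumptions.
const REDACTED = '[REDACTED]';

// Denylist: only exact keys someone remembered to list are scrubbed.
const DENY_KEYS = ['password', 'client_secret', 'refresh_token']; // no Authorization

function sanitizeDenyList(value) {
  if (Array.isArray(value)) return value.map(sanitizeDenyList);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = DENY_KEYS.includes(k) ? REDACTED : sanitizeDenyList(v);
  }
  return out;
}

// Stricter alternative: headers are allowlisted (case-insensitive), and any
// other key that looks secret-bearing is redacted by pattern.
const SAFE_HEADERS = new Set(['accept', 'content-type', 'user-agent']);
const SENSITIVE_KEY = /pass|secret|token|authorization|cookie|key/i;

function sanitizeStrict(value, inHeaders = false) {
  if (Array.isArray(value)) return value.map((v) => sanitizeStrict(v, inHeaders));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    const hide = inHeaders ? !SAFE_HEADERS.has(k.toLowerCase()) : SENSITIVE_KEY.test(k);
    out[k] = hide ? REDACTED : sanitizeStrict(v, /^_?headers?$/i.test(k));
  }
  return out;
}

// Constructed sample: an HTTP client error that carries the failed request.
function sampleError() {
  const err = new Error('Request failed');
  err.request = {
    method: 'POST',
    url: 'https://tenant.example/api/v2/users',
    headers: { 'Content-Type': 'application/json', Authorization: 'Bearer CONSTRUCTED.TOKEN' },
    data: { email: 'user@example.com', password: 'constructed-password' },
  };
  return err;
}

// What a logger would write after applying the given sanitizer.
function logLine(sanitize) {
  return JSON.stringify(sanitize(sampleError().request));
}
```

With the denylist the bearer token survives into the log line; with the allowlisted headers only `Content-Type` is kept and the token is replaced by the redaction marker.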
                
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-07-29T16:25:15
Updated: 2024-08-04T13:08:22.304Z
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15125
NVD
Status: Modified
Published: 2020-07-29T17:15:13.577
Modified: 2024-11-21T05:04:52.543
Link: CVE-2020-15125