Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

Main / Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

Discription

### Impact
Potential/accidental leaking of Slack OAuth client information in application debug logs.

### Patches
More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information in application logs.

### Workarounds
Don’t print/output in logs request and responses for OAuth and client configurations.

### For more information
If you have any questions or comments about this advisory:
* Open an issue in the [repo](https://github.com/abdolence/slack-morphism-rust)
* Email us at [[email protected]](mailto:[email protected])Read More

References

Back to Main

Subscribe for the latest news: