- Reported
-
- Issued
-
- Package
-
matrix-sdk
(crates.io)
- Type
-
Vulnerability
- Aliases
-
- References
-
- Patched
-
- Unaffected
-
Description
When sending Matrix requests using an affected version of matrix-sdk in an application that
writes logs using tracing-subscriber (in a way that includes fields of tracing spans such as
tracing_subscribers default text output from the fmt module), these logs will contain the
user's access token.
Advisory available under CC0-1.0
license.