Description
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master and develop branches of the easybuild-framework repository.
References
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.1.2 (exclusive)
cpe:2.3:a:easybuild_project:easybuild:*:*:*:*:*:*:*:*
EPSS
Percentile: 21%
0.00068
Low
7.7 High
CVSS3
5.5 Medium
CVSS3
2.1 Low
CVSS2
Weaknesses
CWE-532
CWE-922
Related vulnerabilities
CVSS3: 7.7
github
almost 6 years ago
GitHub personal access token leaking into temporary EasyBuild (debug) logs