CVE-2020-5262

Sažetak

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.

Reference

https://github.com/easybuilders/easybuild-framework/pull/3248
https://github.com/easybuilders/easybuild-framework/pull/3249
https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

23-03-2020 - 18:15

Objavljeno

19-03-2020 - 17:15