Search criteria
3 vulnerabilities found for easybuild by easybuild_project
FKIE_CVE-2020-5262
Vulnerability from fkie_nvd - Published: 2020-03-19 17:15 - Updated: 2024-11-21 05:33
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/easybuilders/easybuild-framework/pull/3248 | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://github.com/easybuilders/easybuild-framework/pull/3249 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/easybuilders/easybuild-framework/pull/3248 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/easybuilders/easybuild-framework/pull/3249 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| easybuild_project | easybuild | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:easybuild_project:easybuild:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E97403C7-E917-4667-BC90-39FA6DD8D591",
"versionEndExcluding": "4.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
},
{
"lang": "es",
"value": "En EasyBuild versiones anteriores a 4.1.2, el GitHub Personal Access Token (PAT) usado por EasyBuild para las funcionalidades de integraci\u00f3n de GitHub (como \"--new-pr\",\"--fro, -pr\", etc.) se muestra en texto plano en archivos de registro de depuraci\u00f3n de EasyBuild. Este problema es corregido en EasyBuild versi\u00f3n v4.1.2 y en las derivaciones \"master\"+\" develop\" del repositorio \"easybuild-framework\"."
}
],
"id": "CVE-2020-5262",
"lastModified": "2024-11-21T05:33:47.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-19T17:15:13.000",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-5262 (GCVE-0-2020-5262)
Vulnerability from cvelistv5 – Published: 2020-03-19 17:05 – Updated: 2024-08-04 08:22
VLAI?
Title
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Summary
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
Severity ?
7.7 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| easybuilders | easybuild-framework |
Affected:
< 4.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "easybuild-framework",
"vendor": "easybuilders",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-19T17:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
},
"title": "GitHub personal access token leaking into temporary EasyBuild (debug) logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5262",
"STATE": "PUBLIC",
"TITLE": "GitHub personal access token leaking into temporary EasyBuild (debug) logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easybuild-framework",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.2"
}
]
}
}
]
},
"vendor_name": "easybuilders"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm",
"refsource": "CONFIRM",
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3248",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3249",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
]
},
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5262",
"datePublished": "2020-03-19T17:05:16",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-04T08:22:09.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5262 (GCVE-0-2020-5262)
Vulnerability from nvd – Published: 2020-03-19 17:05 – Updated: 2024-08-04 08:22
VLAI?
Title
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Summary
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
Severity ?
7.7 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| easybuilders | easybuild-framework |
Affected:
< 4.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "easybuild-framework",
"vendor": "easybuilders",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-19T17:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
},
"title": "GitHub personal access token leaking into temporary EasyBuild (debug) logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5262",
"STATE": "PUBLIC",
"TITLE": "GitHub personal access token leaking into temporary EasyBuild (debug) logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easybuild-framework",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.2"
}
]
}
}
]
},
"vendor_name": "easybuilders"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm",
"refsource": "CONFIRM",
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3248",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3249",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
]
},
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5262",
"datePublished": "2020-03-19T17:05:16",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-04T08:22:09.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}