Search criteria
1 vulnerability by easybuilders
CVE-2020-5262 (GCVE-0-2020-5262)
Vulnerability from cvelistv5 – Published: 2020-03-19 17:05 – Updated: 2024-08-04 08:22
VLAI?
Title
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Summary
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.
Severity ?
7.7 (High)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| easybuilders | easybuild-framework |
Affected:
< 4.1.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "easybuild-framework",
"vendor": "easybuilders",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-19T17:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
],
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
},
"title": "GitHub personal access token leaking into temporary EasyBuild (debug) logs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5262",
"STATE": "PUBLIC",
"TITLE": "GitHub personal access token leaking into temporary EasyBuild (debug) logs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "easybuild-framework",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.2"
}
]
}
}
]
},
"vendor_name": "easybuilders"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm",
"refsource": "CONFIRM",
"url": "https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3248",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3248"
},
{
"name": "https://github.com/easybuilders/easybuild-framework/pull/3249",
"refsource": "MISC",
"url": "https://github.com/easybuilders/easybuild-framework/pull/3249"
}
]
},
"source": {
"advisory": "GHSA-2wx6-wc87-rmjm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5262",
"datePublished": "2020-03-19T17:05:16",
"dateReserved": "2020-01-02T00:00:00",
"dateUpdated": "2024-08-04T08:22:09.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}