CVE-2020-5262 Information
Feb 14, 2021
Description
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --from-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2 and in the master and develop branches of the easybuild-framework repository.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/easybuilders/easybuild-framework/pull/3248
https://github.com/easybuilders/easybuild-framework/pull/3249
https://github.com/easybuilders/easybuild-framework/security/advisories/GHSA-2wx6-wc87-rmjm
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Base Severity
MEDIUM
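Debug logs written by an affected version can still contain the token after upgrading. The following is an added example, not EasyBuild code or part of the advisory, that scans log lines for GitHub token shapes and reports them masked; the token patterns, keyword list and sample log lines are assumptions constructed for illustration.

```python
import re
import sys

# Token shapes assumed here: classic 40-hex PATs (the format current when this
# CVE was published) and the later prefixed form (ghp_, gho_, ghu_, ghs_, ghr_).
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|[0-9a-f]{40})\b")
# A bare 40-hex string also looks like a git commit SHA, so it only counts as
# a token when the same line carries a credential-like keyword.
CONTEXT_RE = re.compile(r"token|authorization|password|secret", re.IGNORECASE)


def mask(token):
    """Keep the first four characters so the finding never re-leaks the token."""
    return token[:4] + "*" * (len(token) - 4)


def scan_lines(lines):
    """Return (line_number, masked_token) for each suspected GitHub token."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            bare_hex = not token.startswith("gh")
            if bare_hex and not CONTEXT_RE.search(line):
                continue  # most likely a commit SHA, not a credential
            findings.append((number, mask(token)))
    return findings


# Constructed sample: fake tokens and invented log lines, not real EasyBuild output.
FAKE_HEX = ("0123456789abcdef" * 3)[:40]
FAKE_PREFIXED = "ghp_" + "A1b2C3" * 6
SAMPLE_LOG = [
    "== 2020-03-01 10:00:01 DEBUG checked out commit " + "a1" * 20,
    "== 2020-03-01 10:00:02 DEBUG using GitHub token " + FAKE_HEX,
    "== 2020-03-01 10:00:03 DEBUG request header value " + FAKE_PREFIXED,
    "== 2020-03-01 10:00:04 INFO build succeeded",
]

if __name__ == "__main__":
    # With file arguments, scan those logs; otherwise scan the sample above.
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, errors="replace") as handle:
                for number, masked in scan_lines(handle):
                    print(f"{path}:{number}: {masked}")
    else:
        for number, masked in scan_lines(SAMPLE_LOG):
            print(f"sample:{number}: {masked}")
```

A token found in an existing log should be treated as exposed and revoked on GitHub, since upgrading EasyBuild does not clean logs that were already written.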