CVE-2022-39304

🗓️ 20 Dec 2022 20:10:15Reported by GitHub_MType

ghinstallation version 1 vulnerability allows exposing bearer JWT token, patched in 2.0.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
Prion	Hardcoded credentials	20 Dec 202220:15	–	prion
Cvelist	CVE-2022-39304 ghinstallation returns app JWT in error responses	20 Dec 202219:52	–	cvelist
NVD	CVE-2022-39304	20 Dec 202220:15	–	nvd
RedhatCVE	CVE-2022-39304	23 Dec 202201:34	–	redhatcve
OSV	CVE-2022-39304	20 Dec 202220:15	–	osv
OSV	GHSA-H4Q8-96P6-JCGR ghinstallation returns app JWT in error responses	19 Dec 202222:48	–	osv
OSV	GO-2022-1178 JWT leak in github.com/bradleyfalzon/ghinstallation	22 Dec 202221:01	–	osv
Veracode	Information Disclosure	20 Dec 202205:04	–	veracode
Vulnrichment	CVE-2022-39304 ghinstallation returns app JWT in error responses	20 Dec 202219:52	–	vulnrichment
Github Security Blog	ghinstallation returns app JWT in error responses	19 Dec 202222:48	–	github

Nvd

Vulners

Node

ghinstallation_project ghinstallationRange<2.0.0

[
  {
    "vendor": "bradleyfalzon",
    "product": "ghinstallation",
    "versions": [
      {
        "version": "< 2.0.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go
github	www.github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e
docs	www.docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps
github	www.github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Dec 2022 20:15Current

4.9Medium risk

Vulners AI Score4.9

CVSS34.7 - 5

EPSS0.00034

SSVC

CWE-209