7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
0.001 Low
EPSS
Percentile
20.4%
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr
, --fro,-pr
, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master
+ develop
branches of the easybuild-framework
repository.
[
{
"product": "easybuild-framework",
"vendor": "easybuilders",
"versions": [
{
"status": "affected",
"version": "< 4.1.2"
}
]
}
]