Lucene search
GoogleOSV:GHSA-FP2W-G92G-FGQ4HistoryApr 18, 2023 - 3:30 a.m.
@nuxtlabs/github-module made Use of Hard-coded Credentials
2023-04-1803:30:42
Google
osv.dev
7
nuxt
nuxtlabs
nuxt-themes
github
credentials
patch
software
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
67.8%
https://nuxt.com had a hardcoded GitHub token in the source code of the page. This token had access to multiple repositories under nuxt, nuxtlabs and nuxt-themes GitHub organizations. A patch in version 1.6.2 fixed the issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @nuxtlabs/github-module | lt | 1.6.2 |
Related
cve
cve
CVE-2023-2138
2023-04-18 01:15:07
veracode
veracode
Token Disclosure
2023-04-20 04:16:35
cvelist
cvelist
CVE-2023-2138 Use of Hard-coded Credentials in nuxtlabs/github-module
2023-04-18 00:00:00
huntr
huntr
prion
prion
Hardcoded credentials
2023-04-18 01:15:00
osv
osv
CVE-2023-2138
2023-04-18 01:15:07
nvd
nvd
CVE-2023-2138
2023-04-18 01:15:07
github
github
@nuxtlabs/github-module made Use of Hard-coded Credentials
2023-04-18 03:30:42
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
67.8%
Related for OSV:GHSA-FP2W-G92G-FGQ4