Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-39304
HistoryDec 20, 2022 - 8:15 p.m.

Hardcoded credentials

2022-12-2020:15:00
PRIOn knowledge base
www.prio-n.com
4
hardcoded credentials
ghinstallation
github apps
authentication
http
request
response
debugging
token
version 2.0.0
nvd

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.

CPENameOperatorVersion
ghinstallationlt2.0.0

Related

cve 1
veracode 1
cvelist 1
nvd 1
osv 3
github 1
redhatcve 1
cve
cve
CVE-2022-39304
2022-12-20 20:15:10
veracode
veracode
Information Disclosure
2022-12-20 05:04:23
cvelist
cvelist
CVE-2022-39304 ghinstallation returns app JWT in error responses
2022-12-20 19:52:28
nvd
nvd
CVE-2022-39304
2022-12-20 20:15:10
osv
osv
JWT leak in github.com/bradleyfalzon/ghinstallation
2022-12-22 21:01:01
CVE-2022-39304
2022-12-20 20:15:10
ghinstallation returns app JWT in error responses
2022-12-19 22:48:32
github
github
ghinstallation returns app JWT in error responses
2022-12-19 22:48:32
redhatcve
redhatcve
CVE-2022-39304
2022-12-23 01:34:59

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for PRION:CVE-2022-39304
cve1veracode1cvelist1nvd1osv3github1redhatcve1