CVE-2016-10526
A common setup to deploy to gh-pages on every commit via a CI system is to expose a GitHub token to ENV and to use it directly in the auth part of the URL. In module versions 0.9.1 the auth portion of the URL is output as part of the grunt task's logging function. If this output is publicly...
GitHub Token Leak
Overview: Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed. Recommendation: Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...
CVE-2017-1000110
CVE-2017-1000110 concerns the Jenkins Blue Ocean plugin. Connected documents confirm that Blue Ocean allowed creation of GitHub organization folders that scan for repositories/branches with a Jenkinsfile and create pipelines, but did not properly verify the current user’s authentication/authoriza...