218 matches found
GHSA-2WX6-WC87-RMJM GitHub personal access token leaking into temporary EasyBuild (debug) logs
Impact The GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...
GitHub personal access token leaking into temporary EasyBuild (debug) logs
Impact The GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...
CVE-2020-5262
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Information disclosure
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
CVE-2020-5262 GitHub personal access token leaking into temporary EasyBuild (debug) logs
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...
CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...
Authorization
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...
CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...
CVE-2018-19569
Removed by vendor...
CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization flaw that lets a user access the web UI using a Personal Access Token of any scope. The root cause is an authorization issue that improperly permits PAT-authenticat...
CVE-2018-19569
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...
GitLab CE/EE Sensitive Information Plaintext Storage Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A sensitive informati...
Gitlab -- multiple vulnerabilities
Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...
Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools
git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiplepublic/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...
Automattic: An Automattic employee's GitHub personal access token exposed in Travis CI build logs
An employee's GitHub OAuth token was inadvertently exposed in the Travis CI build logs of an Automattic project. This token has since been revoked. Please see https://blog.travis-ci.com/2017-05-08-security-advisory for more information...
HackerOne: A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
Summary A HackerOne employee Reed Loden GitHub:reedloden exposed their personal access token twice in build logs of the rubysec/rubysec.github.io project: 1. 2015-12-10 2. 2016-03-01 Description The token has publicrepo scope, which means that it allows access to any public repos the owner accoun...