Lucene search
+L

218 matches found

OSV
OSV
added 2020/03/19 5:29 p.m.43 views

GHSA-2WX6-WC87-RMJM GitHub personal access token leaking into temporary EasyBuild (debug) logs

Impact The GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...

9.3CVSS6.2AI score0.00538EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2020/03/19 5:29 p.m.60 views

GitHub personal access token leaking into temporary EasyBuild (debug) logs

Impact The GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --from-pr, etc. is shown in plain text in EasyBuild debug log files. Scope: the log message only appears in the top-level log file, not in the individual software installation logs see...

7.7CVSS5.5AI score0.00538EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2020/03/19 5:15 p.m.14 views

CVE-2020-5262

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS7.4AI score0.00538EPSS
Exploits1References3
Prion
Prion
added 2020/03/19 5:15 p.m.13 views

Information disclosure

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

2.1CVSS5.3AI score0.00538EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/03/19 5:15 p.m.23 views

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS3AI score0.00538EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/03/19 5:5 p.m.21 views

CVE-2020-5262 GitHub personal access token leaking into temporary EasyBuild (debug) logs

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS7.4AI score0.00538EPSS
Exploits1References3
NVD
NVD
added 2019/07/10 4:15 p.m.23 views

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

8.8CVSS8.5AI score0.01884EPSS
Exploits0References3
OSV
OSV
added 2019/07/10 4:15 p.m.25 views

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

8.8CVSS6.5AI score
Exploits0References3
Prion
Prion
added 2019/07/10 4:15 p.m.23 views

Authorization

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

6.5CVSS8.5AI score0.01884EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2019/07/10 4:15 p.m.34 views

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

8.8CVSS7.2AI score0.01884EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/07/10 3:56 p.m.44 views

CVE-2018-19569

Removed by vendor...

8.8CVSS7.3AI score0.01884EPSS
Exploits0
CVE
CVE
added 2019/07/10 3:56 p.m.61 views

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization flaw that lets a user access the web UI using a Personal Access Token of any scope. The root cause is an authorization issue that improperly permits PAT-authenticat...

8.8CVSS7.9AI score0.01884EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/10 3:56 p.m.24 views

CVE-2018-19569

GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope...

7.7AI score0.01884EPSS
Exploits0References3
CNVD
CNVD
added 2018/12/05 12:0 a.m.6 views

GitLab CE/EE Sensitive Information Plaintext Storage Vulnerability

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A sensitive informati...

9.8CVSS9AI score0.00932EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2018/10/29 12:0 a.m.513 views

Gitlab -- multiple vulnerabilities

Gitlab reports: RCE in Gitlab Wiki API SSRF in Hipchat integration Cleartext storage of personal access tokens Information exposure through stack trace error message Persistent XSS autocomplete Information exposure in stored browser history Information exposure when replying to issues through ema...

9.8CVSS0.7AI score0.06735EPSS
Exploits7References1
Kitploit
Kitploit
added 2018/04/12 1:17 p.m.25 views

Git-All-Secrets - A Tool To Capture All The Git Secrets By Leveraging Multiple Open Source Git Searching Tools

git-all-secrets is a tool that can: Clone multiple public/private github repositories of an organization and scan them, Clone multiplepublic/private github repositories of a user that belongs to an organization and scan them, Clone a single public/private repository of an organization and scan it...

6.5AI score
Exploits0References10
Hacker One
Hacker One
added 2017/04/03 10:16 a.m.19 views

Automattic: An Automattic employee's GitHub personal access token exposed in Travis CI build logs

An employee's GitHub OAuth token was inadvertently exposed in the Travis CI build logs of an Automattic project. This token has since been revoked. Please see https://blog.travis-ci.com/2017-05-08-security-advisory for more information...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2017/03/23 4:47 p.m.36 views

HackerOne: A HackerOne employee's GitHub personal access token exposed in Travis CI build logs

Summary A HackerOne employee Reed Loden GitHub:reedloden exposed their personal access token twice in build logs of the rubysec/rubysec.github.io project: 1. 2015-12-10 2. 2016-03-01 Description The token has publicrepo scope, which means that it allows access to any public repos the owner accoun...

7AI score
Exploits0
Rows per page
Query Builder