CVE-2022-39304
CVE-2022-39304 concerns ghinstallation, which provides a transport for GitHub Apps authentication. In ghinstallation version 1, if refreshing an installation token failed, the HTTP request and response were returned for debugging, revealing the App’s bearer JWT (short-lived, up to 10 minutes) to ...