GitHub Personal Access Token (PAT) Exposed in EasyBuild Debug Log Files

GitHub Personal Access Token (PAT) Exposed in EasyBuild Debug Log Files

CVE-2020-5262 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository.

Learn more about our Web Application Penetration Testing UK.