CVE-2020-5262

Summary

In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --fro,-pr, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the easybuild-framework repository.

Affected Software

VendorProductVersion RangeStatus
easybuilderseasybuild-framework< 4.1.2affected

Weaknesses

  • CWE-532: CWE-532: Insertion of Sensitive Information into Log File

ADP Enrichment

CVE Program Container

Additional References

References