CVE-2025-53103
5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are published or stored anywhere public, then there is the possibility that a rouge attacker can steal the token and perform elevated actions by impersonating the user or app. This issue as been patched in version 5.13.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| junit-team | junit-framework | >= 5.12.0, < 5.13.2 | affected |
Weaknesses
- CWE-312: CWE-312: Cleartext Storage of Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/junit-team/junit-framework/security/advisories/GHSA-m43g-m425-p68x
- https://github.com/junit-team/junit-framework/commit/d4fc834c8c1c0b3168cd030c13551d1d041f51bc
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.