Information Disclosure Affecting easybuild-framework package, versions [,4.1.2)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-EASYBUILDFRAMEWORK-560854
- published 20 Mar 2020
- disclosed 16 Mar 2020
- credit Lars Viklund
Introduced: 16 Mar 2020
CVE-2020-5262 Open this link in a new tabHow to fix?
Upgrade easybuild-framework
to version 4.1.2 or higher.
Overview
easybuild-framework is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.
Affected versions of this package are vulnerable to Information Disclosure. The GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr
, --from-pr
, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master
+ develop
branches of the easybuild-framework
repository.