CVE-2016-10526

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10526
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10526.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10526
Aliases
Published
2018-05-31T20:29:00Z
Modified
2025-01-14T06:19:55.242832Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
[none]
Details

A common setup for deploying to gh-pages on every commit from a CI system is to expose a GitHub token through an environment variable (ENV) and use it directly in the auth part of the URL. In module versions < 0.9.1, the auth portion of the URL is written out as part of the Grunt task's logging function. If this output is publicly available, the credentials should be considered compromised.
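
As an added illustration (not code from grunt-gh-pages or from its fix), the sketch below shows one way a build script can mask the auth part of a URL, and the token value itself, before a message reaches the CI log. The function names, the token and the repository URL are hypothetical, constructed for the example.

```javascript
'use strict';

// scheme://userinfo@host : greedy up to the last '@' before the path, so a
// password that contains a raw '@' is still fully covered.
const USERINFO = /\b([a-z][a-z0-9+.-]*:\/\/)[^\s\/?#]+@/gi;
const MASK = '[REDACTED]';

// Mask the whole userinfo (a token may sit in the user or the password
// position) plus any literal secret values, e.g. the CI token itself.
function redactCredentials(message, secrets = []) {
  let out = String(message).replace(USERINFO, `$1${MASK}@`);
  for (const secret of secrets) {
    if (secret) out = out.split(secret).join(MASK);
  }
  return out;
}

// Wrap a log function so every argument is redacted before it is written.
function makeSafeLogger(write, secrets = []) {
  return (...args) =>
    write(args.map((a) => redactCredentials(a, secrets)).join(' '));
}

// Constructed sample input: the token and repository are placeholders.
const token = 'EXAMPLE_TOKEN_0123456789';
const lines = [];
const log = makeSafeLogger((line) => lines.push(line), [token]);
log('Cloning', `https://${token}@github.com/example/site.git`, 'into ./tmp');
log(`fatal: could not read Password for 'https://deploy:${token}@github.com'`);
log(`push failed, GH_TOKEN=${token}`);
console.log(lines.join('\n'));
```

Redaction of this kind limits what a log can leak; a token that has already appeared in public build output still has to be revoked and reissued.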

References

Affected packages

Git / github.com/tschaub/grunt-gh-pages

Affected ranges

Type
GIT
Repo
https://github.com/tschaub/grunt-gh-pages
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.0
v0.2.0
v0.3.0
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1