PT-2019-20070 — Information Disclosure in Renovate Renovate

PT-2019-20070 · Renovate · Renovate

Published

2019-10-21

Updated

2019-10-21

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Renovate versions prior to 19.38.7

Description Temporary repository tokens were leaked into Pull Requests comments during certain Go Modules update failure scenarios.

Recommendations For versions prior to 19.38.7, upgrade to version 19.38.7 or later. As a temporary workaround, consider disabling Go Modules support until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

GHSA-V7X3-7HW7-PCJG

Affected Products

Renovate

PT-2019-20070 · Renovate · Renovate

Weakness Enumeration

Related Identifiers

Affected Products

References · 5