CVE-2016-10526

CVSS v3 Score: 8.6 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

A common setup for deploying to gh-pages on every commit from a CI system is to expose a GitHub token through an environment variable and use it directly as the auth portion of the remote URL. In module versions < 0.9.1, the auth portion of that URL is printed as part of the Grunt task's logging output. If that output is publicly visible (for example, in public CI build logs), the credentials should be considered compromised.
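The mitigating pattern, as an added example that is not grunt-gh-pages code: strip the userinfo (token or user:token) from a remote URL before it reaches any task logger, so a CI-exposed token is never echoed into build output. The remote URL and token below are constructed placeholders.

```javascript
// Redact the auth portion of a remote URL before logging it.
// Keeps scheme, host and path so the log line is still useful for debugging.
function redactUrlCredentials(remote) {
  let url;
  try {
    url = new URL(remote);
  } catch (e) {
    // Not a parseable URL (e.g. scp-style git@host:repo); nothing to redact
    return remote;
  }
  if (url.username === '' && url.password === '') {
    return remote; // no credentials embedded, leave as-is
  }
  // Replace each credential component that is present with a fixed mask
  url.username = url.username ? '***' : '';
  url.password = url.password ? '***' : '';
  return url.toString();
}

// Wrapper for the vulnerable pattern: log only the redacted form.
// Returns the string that was logged so callers (and tests) can check it.
function logPush(remote, log = console.log) {
  const safe = redactUrlCredentials(remote);
  log(`Pushing to ${safe}`);
  return safe;
}

// Constructed sample remote with a placeholder token (not a real credential)
const SAMPLE_REMOTE = 'https://ghp_EXAMPLETOKEN@github.com/example/repo.git';
logPush(SAMPLE_REMOTE); // prints "Pushing to https://***@github.com/example/repo.git"
```

Token-only auth (`https://TOKEN@host/...`) and user:token auth are both masked, while URLs without embedded credentials and scp-style remotes pass through unchanged.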
