CVE-2020-5262: Insecure Storage of Sensitive Information

March 19, 2020 (updated March 23, 2020)

In EasyBuild, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like --new-pr, --fro,-pr, etc.) is shown in plain text in EasyBuild debug log files.

References

nvd.nist.gov/vuln/detail/CVE-2020-5262

Detect and mitigate CVE-2020-5262 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →