Vulnerabilities > CVE-2016-10526 - Credentials Management vulnerability in Grunt-Gh-Pages Project Grunt-Gh-Pages

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

grunt-gh-pages-project

CWE-255

NVD

Published: 2018-05-31

Updated: 2019-10-09

Summary

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.

Vulnerable Configurations

Part	Description	Count
Application	Grunt-Gh-Pages_Project Grunt GH Pages Project Grunt GH Pages 0.1.0 Grunt GH Pages Project Grunt GH Pages 0.2.0 Grunt GH Pages Project Grunt GH Pages 0.3.0 Grunt GH Pages Project Grunt GH Pages 0.4.0 Grunt GH Pages Project Grunt GH Pages 0.5.0 Grunt GH Pages Project Grunt GH Pages 0.5.1 Grunt GH Pages Project Grunt GH Pages 0.6.0 Grunt GH Pages Project Grunt GH Pages 0.7.0 Grunt GH Pages Project Grunt GH Pages 0.7.1 Grunt GH Pages Project Grunt GH Pages 0.7.2 Grunt GH Pages Project Grunt GH Pages 0.7.3 Grunt GH Pages Project Grunt GH Pages 0.7.4 Grunt GH Pages Project Grunt GH Pages 0.7.5 Grunt GH Pages Project Grunt GH Pages 0.7.6 Grunt GH Pages Project Grunt GH Pages 0.8.0 Grunt GH Pages Project Grunt GH Pages 0.8.1 Grunt GH Pages Project Grunt GH Pages 0.9.0	17

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References