CVE-2016-10526
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-10526
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未经检查的错误条件
Source: NVD (National Vulnerability Database)
Vulnerability Title
gh-pages 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
gh-pages是一款能够使用Grunt将项目部署到Github页面的工具。 gh-pages 0.9.1之前版本中存在安全漏洞。攻击者可利用该漏洞将未加密的github凭证写入到日志文件中。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HackerOne | grunt-gh-pages node module | <=0.9.1 | - |
II. Public POCs for CVE-2016-10526
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-10526
请登录查看更多情报信息。
Patches & Fixes for CVE-2016-10526 (1)
- https://github.com/tschaub/grunt-gh-pages/pull/41x_refsource_MISC
Other References for CVE-2016-10526 (1)
- https://nodesecurity.io/advisories/85x_refsource_MISC
Same Patch Batch · HackerOne · 2018-05-31 · 50 CVEs total
| CVE-2016-10550 | sequalize SQL注入漏洞 | |
| CVE-2016-10560 | galenframework-cli 安全漏洞 | |
| CVE-2016-10564 | apk-parser 安全漏洞 | |
| CVE-2016-10565 | operadriver 安全漏洞 | |
| CVE-2016-10569 | embedza 安全漏洞 | |
| CVE-2016-10571 | bkjs-wand 安全漏洞 | |
| CVE-2016-10572 | mongodb-instance 安全漏洞 | |
| CVE-2016-10563 | go-ipfs-deps模块安全漏洞 | |
| CVE-2016-10553 | sequalize SQL注入漏洞 | |
| CVE-2016-10552 | igniteui 安全漏洞 | |
| CVE-2016-10554 | sequelize 安全漏洞 | |
| CVE-2016-10549 | Sails 安全漏洞 | |
| CVE-2016-10548 | reduce-css-calc node模块安全漏洞 | |
| CVE-2016-10547 | Nunjucks 安全漏洞 | |
| CVE-2016-10546 | PouchDB 安全漏洞 | |
| CVE-2016-10544 | uws 安全漏洞 | |
| CVE-2016-10543 | call 安全漏洞 | |
| CVE-2016-10542 | ws 安全漏洞 | |
| CVE-2016-10541 | Thshell-quote 安全漏洞 | |
| CVE-2016-10540 | Minimatch 安全漏洞 |
Showing top 20 of 50 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-391
- CVE-2024-52316
Apache Tomcat: Authentication bypass when using Jakarta Auth - CVE-2022-20849
Cisco IOS XR Software Broadband Network Gateway PPPoE Denial - CVE-2024-23326
Envoy incorrectly accepts HTTP 200 response for entering upg - CVE-2023-32871
MediaTek 芯片 安全漏洞 - CVE-2023-0572
Unchecked Error Condition in froxlor/froxlor
V. Comments for CVE-2016-10526
No comments yet