admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-326xx/CVE-2021-32638.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

172 lines
8.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-32638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-05-25T17:15:08.290",
"lastModified": "2022-07-02T20:01:30.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead of reading it from a file, standard input, or an environment variable. This approach made the token visible to other processes on the same machine, for example in the output of the `ps` command. If the CI system publicly exposes the output of `ps`, for example by logging the output, then the GitHub access token can be exposed beyond the scope intended. Users of the CodeQL runner on 3rd-party systems, who are passing a GitHub token via the `--github-auth` flag, are affected. This applies to both GitHub.com and GitHub Enterprise users. Users of the CodeQL Action on GitHub Actions are not affected. The `--github-auth` flag is now considered insecure and deprecated. The undocumented `--external-repository-token` flag has been removed. To securely provide a GitHub access token to the CodeQL runner, users should **do one of the following instead**: Use the `--github-auth-stdin` flag and pass the token on the command line via standard input OR set the `GITHUB_TOKEN` environment variable to contain the token, then call the command without passing in the token. The old flag remains present for backwards compatibility with existing workflows. If the user tries to specify an access token using the `--github-auth` flag, there is a deprecation warning printed to the terminal that directs the user to one of the above options. All CodeQL runner releases codeql-bundle-20210304 onwards contain the patches. We recommend updating to a recent version of the CodeQL runner, storing a token in your CI system's secret storage mechanism, and passing the token to the CodeQL runner using `--github-auth-stdin` or the `GITHUB_TOKEN` environment variable. If still using the old flag, ensure that process output, such as from `ps`, is not persisted in CI logs."
},
{
"lang": "es",
"value": "La acci\u00f3n CodeQL de Github es proporcionada para ejecutar el escaneo de c\u00f3digo basado en CodeQL en sistemas CI/CD que no son de GitHub y requiere un token de acceso de GitHub para conectarse a un repositorio de GitHub. El corredor y su documentaci\u00f3n sugirieron previamente pasar el token de GitHub como un par\u00e1metro command-line al proceso en lugar de leerlo desde un archivo, entrada est\u00e1ndar o una variable de entorno. Este enfoque hizo que el token fuera visible para otros procesos en la misma m\u00e1quina, por ejemplo, en la salida del comando \"ps\". Si el sistema de CI expone p\u00fablicamente la salida de \"ps\", por ejemplo, al registrar la salida, entonces el token de acceso de GitHub puede ser expuesto m\u00e1s all\u00e1 del alcance previsto. Los usuarios del corredor CodeQL en sistemas de terceros, que pasan un token de GitHub por medio de la marca \"--github-auth\", est\u00e1n afectados. Esto se aplica tanto a los usuarios de GitHub.com como a los de GitHub Enterprise. Los usuarios de la Action CodeQL en GitHub Actions no est\u00e1n afectados. El flag \"--github-auth\" ahora es considerado no seguro y obsoleto. La marca no documentada \"--external-repository-token\" ha sido eliminada. Para proporcionar de forma segura un token de acceso de GitHub al corredor de CodeQL, los usuarios deben ** hacer una de las siguientes acciones en su lugar **: Usar la marca \"--github-auth-stdin\" y pasar el token la l\u00ednea de comando por medio de la entrada est\u00e1ndar O establecer la variable de entorno \"GITHUB_TOKEN\" para contener el token, luego llame al comando sin pasar el token. La flag anterior permanece presente para compatibilidad con workflows existentes. Si el usuario intenta especificar un token de acceso usando el flag \"--github-auth\", se presenta una advertencia de desaprobaci\u00f3n impresa en el terminal que dirige al usuario a una de las opciones anteriores. Todas las versiones de CodeQL runner codeql-bundle-20210304 en adelante contienen los parches. Recomendamos actualizar a una versi\u00f3n reciente del corredor de CodeQL, almacenar un token el mecanismo de almacenamiento secreto de su sistema de CI y pasar el token al corredor de CodeQL usando \"--github-auth-stdin\" o la variable de entorno \"GITHUB_TOKEN\". Si todav\u00eda usa el flag anterior, aseg\u00farese de que la salida del proceso, como la de \"ps\", no se conserve en los registros de CI"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-214"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:codeql_action:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20210304",
"matchCriteriaId": "B638C39B-90B4-4A32-A79C-D5FF4217C727"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/github/codeql-action/commit/58defc0652e935f6f2ffc70a82828b98d75476fb",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/github/codeql-action/commit/88714e3a60e72ec53caa0e6a203652ee1f3fb1db",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/github/codeql-action/releases/tag/codeql-bundle-20210304",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/github/codeql-action/security/advisories/GHSA-g36v-2xff-pv5m",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://www.netmeister.org/blog/passing-passwords.html",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink