Skip to content

[GHSA-6h5x-7c5m-7cr7] Exposure of Sensitive Information in eventsource #6045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10,000 commits into
base: Wrathchyld-GHSA-27v7-qhfv-rqq8
Choose a base branch
from
Open

[GHSA-6h5x-7c5m-7cr7] Exposure of Sensitive Information in eventsource #6045

wants to merge 10,000 commits into from

Conversation

Stonefox36
Copy link

Updates

  • Affected products
  • CVSS v3
  • Severity

Comments
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Improper Removal of Sensitive Information Before Storage or Transfer (CWE-212)
Suggest improvements
Suggestions are submitted as a pull request to be reviewed by the GitHub Security Curators team.
Reason for change *

@advisory-database
Publish GHSA-f9hx-c6jf-3qxm
ab5ff96
@advisory-database
Publish GHSA-w2cq-g8g3-gm83
593cdd3
@advisory-database
Publish GHSA-pwq7-2gvj-vg9v
158c0af
@advisory-database
Publish GHSA-c9rc-mg46-23w3
0b38c70
@advisory-database
Publish Advisories
d3b2a75 
GHSA-67mf-3cr5-8w23
GHSA-67mf-3cr5-8w23
@advisory-database
Publish Advisories
1f71244 
GHSA-cg99-m88x-422c
GHSA-cg99-m88x-422c
@advisory-database
Publish GHSA-22wq-q86m-83fh
c2ae0bd
@advisory-database
Publish GHSA-xcxh-6cv4-q8p8
7f26fce
@advisory-database
Publish Advisories
a187941 
GHSA-jg74-mwgw-v6x3
GHSA-prpj-rchp-9j5h
@advisory-database
Publish Advisories
31c0bf3 
GHSA-222w-xmc5-jhp3
GHSA-222w-xmc5-jhp3
@advisory-database
Advisory Database Sync
527a375
@advisory-database
Publish Advisories
442196e 
GHSA-fvqr-27wr-82fm
GHSA-4xc9-xhrj-v574
GHSA-x5rq-j2xg-h7qm
@advisory-database
Publish GHSA-xcj6-4355-2823
b9c8bb4
@advisory-database
Publish Advisories
95c6886 
GHSA-jf85-cpcp-j695
GHSA-p6mc-m468-83gw
GHSA-35jh-r3h4-6jhm
GHSA-29mw-wpgm-hmr9
@advisory-database
Publish Advisories
5168c30 
GHSA-q334-476c-x4rf
GHSA-37cv-xgjm-xcp3
GHSA-3gfm-29q7-r2wc
GHSA-6cr5-7gw9-xv96
GHSA-f2cg-mh3r-wpw7
GHSA-g75j-5pq2-vg3h
GHSA-g7g5-6gx5-wpcq
GHSA-m3r3-6xwh-qjg6
GHSA-p38f-88h2-wj88
GHSA-p8vp-g3fv-qh99
GHSA-prgf-7h94-f4j3
@advisory-database
Publish Advisories
c718e01 
GHSA-28w9-qhgf-j4rh
GHSA-2cw7-hww6-h37w
GHSA-3m2x-p87c-pwv6
GHSA-832g-3rcm-wcrf
GHSA-9369-5fxh-crgj
GHSA-c4fm-x36h-pwf6
GHSA-fq24-jfwg-3h3p
GHSA-rx4h-pwfx-x49f
GHSA-w734-q8wh-m354
GHSA-xcpg-24q4-26m3
@advisory-database
Publish Advisories
82646fe 
GHSA-3pmf-hv4c-6384
GHSA-46v8-4jxx-4x39
GHSA-749m-qq5p-qp89
GHSA-fhmh-jw4r-2xp9
GHSA-v9f9-w6mf-7jqq
@advisory-database
Publish Advisories
5450c18 
GHSA-gwr6-5fvh-8v7r
GHSA-rfh5-gx7w-h7v7
GHSA-32vr-5hxf-x93f
GHSA-4jm8-qw96-rm2j
GHSA-57r6-94mj-2fjf
GHSA-698g-97rr-xgjf
GHSA-799j-gj9r-5852
GHSA-c2jm-6qr2-hwhx
GHSA-chjx-46j3-jv4m
GHSA-j9mr-p9r5-6rh3
GHSA-jhhq-jr7x-hf74
@advisory-database
Publish Advisories
bec9996 
GHSA-665q-2m8r-wpx6
GHSA-jf2j-r53v-m3v2
GHSA-29rm-xc84-5q8f
GHSA-3hxw-4626-cm6f
GHSA-3r5r-4r48-4hxh
GHSA-4cx2-fc23-5wg6
GHSA-59cw-99v5-r4m7
GHSA-7xr8-3rww-649w
GHSA-c2hr-5hqr-g5hw
GHSA-rqpw-qjw3-j3g6
@advisory-database
Publish GHSA-cfgp-2977-2fmm
07cace7
@advisory-database
Publish GHSA-9hxf-ppjv-w6rq
cd81956
@advisory-database
Publish GHSA-6628-q6j9-w8vg
61f0b5c
@advisory-database
Advisory Database Sync
3b1f04e
@advisory-database
Advisory Database Sync
7092acc
@advisory-database
Publish GHSA-gpmg-4x4g-mr5r
b8d430f
@advisory-database
Publish GHSA-mqcp-p2hv-vw6x
8476853
@advisory-database
Publish GHSA-prj3-ccx8-p6x4
a6a4032
@advisory-database
Publish GHSA-fcxq-v2r3-cc8h
6897daf
@advisory-database
Publish GHSA-7hfw-26vp-jp8m
b79b88c
@advisory-database
Publish Advisories
6fb5fbd 
GHSA-m5c7-5gv3-hcpf
GHSA-m5c7-5gv3-hcpf
advisory-database bot and others added 26 commits August 25, 2025 09:34
@advisory-database
Publish Advisories
6163cdf 
GHSA-2g3q-9hvf-4qgx
GHSA-3cpq-gx29-gw6m
GHSA-499q-9p4f-56jf
GHSA-jrxp-849g-pwgj
GHSA-r8xw-3q76-v2w7
GHSA-x9r8-77rv-89rp
@advisory-database
Publish Advisories
aac347d 
GHSA-9mgr-j5g2-cm6j
GHSA-f8xc-4qvv-m4c8
GHSA-pjqj-97gq-ff6g
@advisory-database
Publish GHSA-rx7m-68vc-ppxh
5aa95c9
@advisory-database
Advisory Database Sync
a1ea9ed
@advisory-database
Publish GHSA-qh3h-j545-h8c9
981812b
@advisory-database
Publish Advisories
98fafa7 
GHSA-cfh4-9f7v-fhrc
GHSA-fff3-4rp7-px97
GHSA-hm4x-r5hc-794f
@advisory-database
Publish GHSA-cjc8-g9w8-chfw
cb8b93c
@advisory-database
Publish GHSA-4gv9-mp8m-592r
7be5e93
@advisory-database
Publish Advisories
bcf40a5 
GHSA-6hgw-6x87-578x
GHSA-qp29-wxp5-wh82
@advisory-database
Publish Advisories
b7ad728 
GHSA-457r-cqc8-9vj9
GHSA-qq6h-5g6j-q3cm
@advisory-database
Publish Advisories
1c303c8 
GHSA-mm62-gwj5-j285
GHSA-w3cr-3xw2-rp78
GHSA-mm62-gwj5-j285
@advisory-database
Publish Advisories
13e7a79 
GHSA-84pp-qr92-95c9
GHSA-84pp-qr92-95c9
@advisory-database
Publish Advisories
1f305a9 
GHSA-3h7r-4xxj-3mfm
GHSA-h4m4-xp33-37mj
GHSA-3h7r-4xxj-3mfm
@advisory-database
Publish GHSA-crcq-738g-pqvc
fe3e685
@advisory-database
Publish Advisories
1d19de2 
GHSA-5cmr-4px5-23pc
GHSA-847f-9342-265h
@advisory-database
Publish Advisories
1500378 
GHSA-6hj4-v2qp-cqr2
GHSA-cv9j-mg9w-v7wm
GHSA-rvmf-jw8g-r35r
@advisory-database
Publish Advisories
bc06a45 
GHSA-23w4-rpc6-wpcc
GHSA-h8gx-4hhm-w45v
GHSA-mf9q-87xx-jgvv
@advisory-database
Publish GHSA-63cx-g855-hvv4
e223ca1
@advisory-database
Publish GHSA-pw25-c82r-75mm
41c8927
@advisory-database
Publish Advisories
05211f8 
GHSA-5c4f-pxmx-xcm4
GHSA-mqh4-2mm8-g7w9
@advisory-database
Publish GHSA-77rm-9x9h-xj3g
2a3d487
@advisory-database
Advisory Database Sync
ee39e80
@advisory-database
Publish Advisories
5bc3385 
GHSA-ww66-45gm-65fm
GHSA-23j9-36qq-2q2f
GHSA-2xjg-x2hw-6m93
GHSA-36rh-jh3r-836q
GHSA-3q6c-gxc3-h5vx
GHSA-4m92-9mpx-cmcg
GHSA-5829-pgch-7qw6
GHSA-9wjv-9mc7-hwv7
GHSA-c48j-9c86-pwjg
GHSA-gc7v-hcc9-x542
GHSA-m592-qjjf-q3cf
GHSA-q44x-qjgc-xhv8
GHSA-rw5q-23mh-r4c3
GHSA-wg88-6pq6-wm93
GHSA-wqjm-r535-pwhh
GHSA-wvhw-4f88-xp55
@advisory-database
Publish Advisories
f218441 
GHSA-2w62-9mm4-f88f
GHSA-6498-6rj5-p7pf
GHSA-86wx-cqq7-836p
GHSA-c537-5pcj-xcr2
GHSA-cpwx-wfp4-x368
GHSA-f35p-mp22-6w3m
GHSA-ghqf-9cr9-jv8g
GHSA-hvmc-rw2w-rr2q
GHSA-m2c3-fw95-62jv
GHSA-mg63-9vwr-f2mv
GHSA-r72f-fj6h-59qh
GHSA-rhxc-3j8r-hmmv
GHSA-xhh6-gv7c-xffj
@advisory-database
Publish Advisories
a1c9301 
GHSA-xrq2-m5w8-p5wg
GHSA-gq57-cpj2-wwmc
GHSA-j9g8-qf9r-46h2
GHSA-mhcc-g7mc-6pvh
GHSA-p7cr-g2x4-v4hg
GHSA-wj4r-j458-wpf8
@Stonefox36
Improve GHSA-6h5x-7c5m-7cr7
6dbad5b
@github-actions github-actions bot changed the base branch from main to Stonefox36/advisory-improvement-6045 August 26, 2025 10:39
@yhidad31
Copy link

Hi @Stonefox36, we see your CVSS suggestion CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H. Can you explain the rationale for changing Privileges Required and Availability from None to High, or link to analysis/supporting references? If you'd like, we can run this through the CVSS calculator: https://www.first.org/cvss/calculator/3-1 and the score can be updated if we agree.

@Stonefox36
Copy link
Author

Stonefox36 commented Aug 27, 2025 via email

@Stonefox36 Stonefox36 changed the base branch from Stonefox36/advisory-improvement-6045 to Wrathchyld-GHSA-27v7-qhfv-rqq8 August 27, 2025 00:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Stonefox36 @yhidad31