CVE-2020-11059
HIGHCVSS 7.5/10EPSS 1.12%
Last modified
CVE-2020-11059 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.. EPSS estimates a 1.12% chance of exploitation in the next 30 days.
Description
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Aegir Project | Aegir | >= 21.7.0, < 21.10.1 |
References
- https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcwThird Party Advisory
- https://github.com/ipfs/aegir/security/advisories/GHSA-qfcv-5whw-7pcwThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-11059?
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
How severe is CVE-2020-11059?
CVE-2020-11059 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.12% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11059?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2020-11059?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST