How severe is CVE-2022-39304?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2022-39304?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2022-39304

MEDIUM Year: 2022

CVSS v3 Score

4.7

Medium

Weakness Type

CWE-209

View all →

Vulnerability Description

ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.

CVE-2024-30141

MEDIUM

CVSS:4.7(Medium)

HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its env...

CWE-2092024

CVE-2017-1370

MEDIUM

CVSS:4.9(Medium)

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-...

CWE-2092017

CVE-2022-31229

MEDIUM

CVSS:4.9(Medium)

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive inf...

CWE-2092022

CVE-2025-4166

MEDIUM

CVSS:4.5(Medium)

Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creati...

CWE-2092025

CVE-2020-27015

MEDIUM

CVSS:4.4(Medium)

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An a...

CWE-2092020

CVE-2024-12380

MEDIUM

CVSS:4.4(Medium)

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain u...

CWE-2092024

CVE-2022-39304

Vulnerability Description

Related Vulnerabilities

CVE-2024-30141

CVE-2017-1370

CVE-2022-31229

CVE-2025-4166

CVE-2020-27015

CVE-2024-12380