I. Basic Information for CVE-2025-24363
Vulnerability Information

Vulnerability Title
The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
Source: NVD (National Vulnerability Database)
Vulnerability Description
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure. This problem has been patched in release 1.8.9. Some workarounds are available. Users should ensure the IG repo they are publishing does not have username or credentials included in the `origin` URL. Running the command `git remote origin url` should return a URL that contains no username, password, or token; or users should run the IG Publisher CLI with the `-repo` parameter and specify a URL that contains no username, password, or token.
Source: NVD (National Vulnerability Database)
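The workaround described above can be automated as a pre-publish check. This is an added example, not code from the IG Publisher project: the function names are hypothetical, it uses `git remote get-url origin` to read the remote, and it assumes only `http(s)://` remotes can carry an embedded password or token.

```shell
#!/bin/sh
# Added example (not IG Publisher code): detect credentials embedded in the
# `origin` URL before a CI build. Function names are hypothetical.

# Print the authority part (userinfo@host:port) of an http(s) URL.
# Prints nothing for other forms such as scp-style SSH remotes.
url_authority() {
    case "$1" in
        http://*|https://*)
            rest=${1#*://}
            printf '%s\n' "${rest%%[/?#]*}" ;;
    esac
}

# Succeeds when the URL carries a userinfo component (user, user:password, token).
has_credentials() {
    case "$(url_authority "$1")" in
        *@*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print the URL with any userinfo removed; other URLs pass through unchanged.
strip_credentials() {
    if has_credentials "$1"; then
        authority=$(url_authority "$1")
        rest=${1#*://}
        path=${rest#"$authority"}
        printf '%s://%s%s\n' "${1%%://*}" "${authority##*@}" "$path"
    else
        printf '%s\n' "$1"
    fi
}

# Run inside the IG repo: returns 1 if origin would leak credentials into the build.
check_origin() {
    url=$(git remote get-url origin) || return 2
    if has_credentials "$url"; then
        echo "origin URL embeds credentials; fix the remote or pass -repo $(strip_credentials "$url")" >&2
        return 1
    fi
}
```

Call `check_origin` as a CI step before the publisher runs and fail the job on a non-zero status.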
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Information Exposure
Source: NVD (National Vulnerability Database)
Vulnerability Title
HL7 FHIR IG Publisher Artifacts Information Disclosure Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
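HL7 FHIR IG Publisher Artifacts is an open-source tool from Health Level Seven International for taking a set of inputs. Versions of HL7 FHIR IG Publisher Artifacts prior to 1.8.9 contain an information disclosure vulnerability: if the repository was cloned, or set to use a repository with a username- and credential-based URL, the entire URL is included in the built Implementation Guide, exposing the username and credentials.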
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|--------|---------|-------------------|-----|
| HL7 | fhir-ig-publisher | < 1.8.9 | - |
II. Public POCs for CVE-2025-24363
No public POC found.
