We found results for “


Good to know:


Date: September 14, 2020

A Sensitive Data Exposure was found in renovate before 23.25.1, Applies to Azure DevOps users only. The bot's token may be exposed in server or pipeline logs due to the http.extraheader=AUTHORIZATION parameter being logged without redaction. It is recommended that Azure DevOps users revoke their existing bot credentials and generate new ones after upgrading if there's a potential that logs have been saved to a location that others can view.

Language: JS

Severity Score

Severity Score

Top Fix


Upgrade Version

Upgrade to version 23.25.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT
Attack Complexity (AC): LOW
Privilegs Required (PR): NONE
User Interaction (UI): NONE
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us