In https://github.com/phpmyadmin/scripts/blob/master/phpmyadmin-reports#L144 the 'GitHub authentication token' is passed via command-line arguments.
Information that is passed via command-line arguments can be leaked in different ways, such as:
* history (in case the command is started without a space)
* ps ef (other users can view the information via ps)

Fix:
Support receiving sensitive information via stdin and/or via a file.
Reported by Emanuel Bronshtein.
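One way to implement the suggested fix, as an added example in Python that is not code from the phpmyadmin-reports script: the token is read from stdin or from a file, so it never appears in the argument vector that `ps` and shell history expose. The option names `--token-file` and `--token-stdin` and the function `load_token` are hypothetical, and the permission check assumes a POSIX system.

```python
import argparse
import os
import stat
import sys


def load_token(argv, stdin=sys.stdin):
    """Return the token read from --token-file or --token-stdin (hypothetical options)."""
    parser = argparse.ArgumentParser()
    source = parser.add_mutually_exclusive_group(required=True)
    source.add_argument("--token-file", metavar="PATH",
                        help="file holding the token, readable by its owner only")
    source.add_argument("--token-stdin", action="store_true",
                        help="read the token from the first line of stdin")
    args = parser.parse_args(argv)

    if args.token_stdin:
        # e.g.  some-secret-store get github | script --token-stdin
        token = stdin.readline()
    else:
        # Open first and fstat the open descriptor, so the permission check
        # and the read are guaranteed to refer to the same file.
        with open(args.token_file, "r", encoding="utf-8") as fh:
            mode = os.fstat(fh.fileno()).st_mode
            if not stat.S_ISREG(mode):
                raise ValueError("token file must be a regular file")
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise PermissionError(
                    "token file is accessible to group/others; chmod 600 it")
            token = fh.readline()

    token = token.strip()
    if not token:
        raise ValueError("empty token")
    return token


if __name__ == "__main__":
    tok = load_token(sys.argv[1:])
    # Report only that a token was loaded; never echo the value itself.
    print("token loaded (%d characters)" % len(tok), file=sys.stderr)
```

Only the path, or no secret-related argument at all, is visible in the process list; the token value stays in the file or the pipe.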