Lucene search

[email protected]NVD:CVE-2023-42798

HistorySep 22, 2023 - 4:15 p.m.

CVE-2023-42798

2023-09-2216:15:09

CWE-20

[email protected]

web.nvd.nist.gov

automataci

git repository

vulnerability

version 1.5.0

release job reset

workaround

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECT_PATH_RELEASE (e.g. releases/) directory is manually and actually git cloned properly, making it a different git repostiory from the root git repository.

Affected configurations

Nvd

Node

hollowaykeanhoautomataciRange<1.5.0

VendorProductVersionCPE
hollowaykeanhoautomataci*cpe:2.3:a:hollowaykeanho:automataci:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hollowaykeanho	automataci	*	cpe:2.3:a:hollowaykeanho:automataci::::::::

References

github.com/ChewKeanHo/AutomataCI/issues/93

github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

23.9%

JSON

Related for NVD:CVE-2023-42798

cvelist1 osv1 cve1 prion1