Lucene search
GoogleOSV:CVE-2021-21432HistoryApr 09, 2021 - 6:15 p.m.
CVE-2021-21432
2021-04-0918:15:13
Google
osv.dev
4
vela
pipeline automation
linux container technology
golang
authentication mechanism
malicious user
secrets
~/.netrc file
github security advisory
fixed
version 0.7.5
software
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the ~/.netrc file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.
Related
veracode
veracode
Information Disclosure
2021-04-12 08:35:06
osv
osv
Reject unauthorized access with GitHub PATs
2022-02-15 01:57:18
Reject unauthorized access with GitHub PATs in github.com/go-vela/server
2024-08-21 15:29:02
cve
cve
CVE-2021-21432
2021-04-09 18:15:13
cvelist
cvelist
CVE-2021-21432 Reject unauthorized access with GitHub PATs
2021-04-09 18:10:14
nvd
nvd
CVE-2021-21432
2021-04-09 18:15:13
prion
prion
Authentication flaw
2021-04-09 18:15:00
github
github
Reject unauthorized access with GitHub PATs
2022-02-15 01:57:18