Lucene search

GoogleOSV:GO-2023-1504

HistoryAug 20, 2024 - 8:25 p.m.

act vulnerable to arbitrary file upload in artifact server in github.com/nektos/act

2024-08-2020:25:58

Google

osv.dev

vulnerable

arbitrary file upload

artifact server

github.com

nektos

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

act vulnerable to arbitrary file upload in artifact server in github.com/nektos/act

References

github.com/nektos/act/blob/master/pkg/artifacts/server.go#L65

github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#L245

github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#LL103C2-L103C2

github.com/nektos/act/commit/63ae215071f94569d910964bdee866d91d6e3a10

github.com/nektos/act/issues/1553

github.com/nektos/act/releases/tag/v0.2.40

github.com/nektos/act/security/advisories/GHSA-pc99-qmg4-rcff

nvd.nist.gov/vuln/detail/CVE-2023-22726

securitylab.github.com/advisories/GHSL-2023-004_act

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0.005

Percentile

76.5%

JSON

Related for OSV:GO-2023-1504