6 matches found
EUVD-2023-1065
Malicious code in bioql PyPI...
CVE-2023-23939
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939 Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939
CVE-2023-23939 concerns the Azure/setup-kubectl GitHub Action (Kubectl installer). Affected versions prior to 3.0 suffer from insecure temporary file creation that makes the Kubectl binary world-writable, allowing any local actor on the Actions runner to replace it. The installer uses fs.chmodSyn...
Azure setup-kubectl security vulnerability
setup-kubectl is a tool to install kubectl in Azure cloud. A security vulnerability exists in Azure setup-kubectl versions prior to 3.0. An attacker can escalate privileges by exploiting the vulnerability...
PT-2023-19310 · Microsoft · Azure/Setup-Kubectl
Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3 Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable...