12 matches found
EUVD-2021-27278
Malware in sbrugna...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
BIT-EJBCA-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
GO-2024-2482 Information leak in github.com/goreleaser/goreleaser
Secret values can be printed to the --debug log when using a a custom publisher...
`goreleaser release --debug` shows secrets
Summary Hello ๐ goreleaser release --debug log shows secret values used in the in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...
GHSA-H3Q2-8WHX-C29H `goreleaser release --debug` shows secrets
Summary Hello ๐ goreleaser release --debug log shows secret values used in the in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...
CVE-2024-23840
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0...
CVE-2024-23840 `goreleaser release --debug` shows secrets
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0...
PT-2024-1505 ยท Unknown ยท Goreleaser
Name of the Vulnerable Software and Affected Versions: GoReleaser versions prior to 1.24.0 Description: The issue is related to information disclosure through log files. When using a custom publisher with goreleaser release --debug, secret values used in the custom publisher are printed to the lo...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
Primekey Solutions PrimeKey EJBCA ๅฎๅ จๆผๆด
Primekey Solutions PrimeKey EJBCA is a full-featured CA system software from PrimeKey Solutions Primekey Solutions, Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation and other functions to achieve access security. A security...