Zen-AI-Pentest has Shell Injection via untrusted issue title in ZenClaw Discord Integration workflow

Summary The ZenClaw Discord Integration GitHub Actions workflow is vulnerable to shell command injection. The issue title field, controllable by any GitHub user, is interpolated directly into a run shell block via a GitHub Actions template expression. An attacker can craft an issue title containi...

CVE-2022-4462

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...

CVE-2022-4462

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API respons...

PT-2023-14519 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 Description: The issue could allow a user to unmask the Discord Webhook URL through viewing the raw API response. Recommendations: For...