Lucene search
+L

95 matches found

OSV
OSV
added 2023/03/07 8:9 p.m.46 views

GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS7AI score0.01026EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/03/07 8:9 p.m.32 views

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS6.1AI score0.01026EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/03/06 7:15 p.m.25 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.8AI score0.01026EPSS
Exploits1References5
Prion
Prion
added 2023/03/06 7:15 p.m.19 views

Race condition

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

4.3CVSS6.5AI score0.01026EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/06 7:15 p.m.27 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.7AI score0.01026EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2023/03/06 6:5 p.m.56 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.4AI score0.01026EPSS
Exploits1
Cvelist
Cvelist
added 2023/03/06 6:5 p.m.45 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.5AI score0.01026EPSS
Exploits1References5
OSV
OSV
added 2023/03/06 6:5 p.m.24 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.3AI score0.01026EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-13139

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...

8.4CVSS9.1AI score0.02025EPSS
Exploits1References3
NVD
NVD
added 2023/02/08 8:15 p.m.33 views

CVE-2023-25167

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...

6.5CVSS6.2AI score0.00567EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/08 7:31 p.m.36 views

CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...

6.5CVSS6.7AI score0.00567EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/08 7:31 p.m.3 views

CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse

Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...

6.5CVSS6.7AI score0.00567EPSS
Exploits0References2
CVE
CVE
added 2023/02/08 7:31 p.m.64 views

CVE-2023-25167

Discourse is vulnerable to a regular expression denial of service via carefully crafted git URLs used to install themes. The issue affects affected Discourse versions and is caused by processing Git URLs in a way that can trigger RE DoS. Remediation: upgrade to the latest stable, beta, or tests-p...

6.5CVSS5.7AI score0.00567EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/07/08 12:0 a.m.20 views

parse-url cross-site scripting vulnerability

parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...

9.1CVSS5.9AI score0.00961EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.6 views

parse-url 代码问题漏洞

parse-url is an advanced url parser with git url support from the individual developer Ionică Bizău. A code issue vulnerability exists in parse-url versions prior to 7.0.0, which stems from improper handling of usernames and passwords, undetected hostnames, and can be exploited by an attacker to...

9.8CVSS8.3AI score0.01544EPSS
Exploits1References3
CNVD
CNVD
added 2022/04/20 12:0 a.m.51 views

ThoughtWorks GoCD Information Disclosure Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

7.5CVSS1.6AI score0.28039EPSS
Exploits2References1
OSV
OSV
added 2022/04/14 1:15 p.m.20 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

8.8CVSS7.7AI score
Exploits0References4
Prion
Prion
added 2022/04/14 1:15 p.m.18 views

Design/Logic Flaw

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

6.5CVSS8.9AI score0.02715EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/04/14 12:55 p.m.87 views

CVE-2021-43286

ThoughtWorks GoCD prior to 21.3.0 is affected by a command-line injection vulnerability in the Git URL “Test Connection” feature. An attacker who has privileges to create a new pipeline can exploit this to execute arbitrary code on the GoCD server. The issue is concrete in GoCD from the public ad...

8.8CVSS8.9AI score0.02715EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.6 views

ThoughtWorks GoCD 信息泄露漏洞

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

7.5CVSS8.1AI score0.28039EPSS
Exploits2References4
Rows per page
Query Builder