95 matches found
GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...
Buildkit credentials inlined to Git URLs could end up in provenance attestation
When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...
CVE-2023-26054
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
Race condition
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
CVE-2023-26054
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
CVE-2023-26054
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...
SUSE CVE-2019-13139
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git...
CVE-2023-25167
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2023-25167 Regular expression denial of service via installing themes via git in discourse
Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There a...
CVE-2023-25167
Discourse is vulnerable to a regular expression denial of service via carefully crafted git URLs used to install themes. The issue affects affected Discourse versions and is caused by processing Git URLs in a way that can trigger RE DoS. Remediation: upgrade to the latest stable, beta, or tests-p...
parse-url cross-site scripting vulnerability
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...
parse-url 代码问题漏洞
parse-url is an advanced url parser with git url support from the individual developer Ionică Bizău. A code issue vulnerability exists in parse-url versions prior to 7.0.0, which stems from improper handling of usernames and passwords, undetected hostnames, and can be exploited by an attacker to...
ThoughtWorks GoCD Information Disclosure Vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...
CVE-2021-43286
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
Design/Logic Flaw
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...
CVE-2021-43286
ThoughtWorks GoCD prior to 21.3.0 is affected by a command-line injection vulnerability in the Git URL “Test Connection” feature. An attacker who has privileges to create a new pipeline can exploit this to execute arbitrary code on the GoCD server. The issue is concrete in GoCD from the public ad...
ThoughtWorks GoCD 信息泄露漏洞
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...