14 matches found
EUVD-2023-51105
Malicious code in bioql PyPI...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
GitLens Git Local Configuration Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLens Git Local Configuration Exec', 'Description' = %q GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands...
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. Module Options msf use...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
Authorization
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
GitLens Security Breach
GitLens is a feature-enhancing plugin for VSCode. Versions prior to GitLens v.14.0.0 contain a security vulnerability that allows an attacker to execute arbitrary code via a crafted file...
CVE-2023-46944
CVE-2023-46944 affects GitKraken GitLens plugins for VSCode prior to 14.0.0. A crafted file can be used to coerce the Visual Studio Code workspace trust component into executing arbitrary code, via a local attack vector. Root cause cited: insufficient input validation in GitLens workflow context ...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component...
PT-2023-9085 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: GitKraken GitLens versions prior to 14.0.0 Description: The issue is related to insufficient input validation in the GitKraken GitLens plugin for Visual Studio Code, allowing an attacker to execute arbitrary code via a crafted file. This can ...