185 matches found
CVE-2023-26493
Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...
PT-2023-21716 · Onesignal · Onesignal
Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...
The vulnerability of the Check Spelling web service on GitHub, related to the disclosure of information via the GITHUB_TOKEN token, allows a violator to gain unauthorized access to protected information.
The vulnerability of the Check Spelling web service from GitHub relates to the exposure of information through the GITHUBToken token. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the protected information. source-iocs-preserved...
Account Takeover
Description A malicious actor can setup a website on vercel.app with the vercel.app domain, after that, they can change the subdomain to something containing modrinth, This will allow a open redirect on https://api.modrinth.com/v2/auth/init?url=ATTACKERURL, allowing stealing the github token whic...
Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion
Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirecturi were made during GitHub SSO token exchange...
CVE-2021-25774
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user...
JetBrains TeamCity 安全漏洞
TeamCity is a Java-based build management and continuous integration server from JetBrains. A privilege control impropriety vulnerability exists in JetBrains TeamCity versions prior to 2020.2.1 that stems from a user being able to access another user's GitHub access token. No details of the...
PYSEC-2020-268
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
PYSEC-2020-41
In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...
Vercel: through %09 Character the attacker is able to steal Github Token [ Account Takeover ]
Summary: Hello i've found the filter will deleted this %09 character when checking the value parameter next in oauth which allow to attacker to bypass Filter and steal Oauth Token of user thats lead to account takeover ! Steps To Reproduce: 1. Go To...
Information disclosure
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...
CVE-2019-6797
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...
CVE-2019-6797
An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...
CVE-2019-6797
Removed by vendor...
CVE-2019-6797
CVE-2019-6797 describes an information-disclosure in GitLab Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1, where the GitHub token used in CI/CD for External Repos could be leaked to project maintainers in the UI. The NVD lists this as a high-severity issue...
Grammarly: Employee's GitHub Token Found In Travis CI Build Logs
Our Security Team was notified by researchers who identified a valid leaked Github token in Travis CI logs that allow accessing a limited number of Grammarly repositories. We immediately revoked the token and conducted investigation together with the Github support team. Based on the available...
CVE-2017-16225
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...
CVE-2017-16225
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...
Code injection
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...