Lucene search
K

185 matches found

NVD
NVD
added 2023/03/27 10:15 p.m.49 views

CVE-2023-26493

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the web-interface-check.yml was subject to command injection. The web-interface-check.yml was triggered when a pull request was opened or updated and...

8.8CVSS8.6AI score0.02907EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.4 views

PT-2023-21716 · Onesignal · Onesignal

Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...

8.1CVSS8.1AI score0.00905EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2022/10/21 12:0 a.m.9 views

The vulnerability of the Check Spelling web service on GitHub, related to the disclosure of information via the GITHUB_TOKEN token, allows a violator to gain unauthorized access to protected information.

The vulnerability of the Check Spelling web service from GitHub relates to the exposure of information through the GITHUBToken token. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the protected information. source-iocs-preserved...

10CVSS7.7AI score0.02334EPSS
Exploits0References4Affected Software1
Huntr
Huntr
added 2022/10/15 10:17 a.m.17 views

Account Takeover

Description A malicious actor can setup a website on vercel.app with the vercel.app domain, after that, they can change the subdomain to something containing modrinth, This will allow a open redirect on https://api.modrinth.com/v2/auth/init?url=ATTACKERURL, allowing stealing the github token whic...

0.8AI score
Exploits0
Kitploit
Kitploit
added 2021/07/02 12:30 p.m.110 views

Lazyrecon - Tool To Automate Your Reconnaissance Process In An Organized Fashion

Lazyrecon is a subdomain discovery tool that finds and resolves valid subdomains then performs SSRF/LFI/SQLi fuzzing, brute-force and port scanning. It has a simple modular architecture and is optimized for speed while working with github and wayback machine. Features Super fast asynchronous...

7AI score
Exploits0References15
OSV
OSV
added 2021/05/11 1:15 p.m.4 views

CVE-2021-31913

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirecturi were made during GitHub SSO token exchange...

7.5CVSS7.1AI score0.00706EPSS
Exploits0References2
OSV
OSV
added 2021/02/03 4:15 p.m.5 views

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user...

4.3CVSS5.8AI score0.00652EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.8 views

JetBrains TeamCity 安全漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. A privilege control impropriety vulnerability exists in JetBrains TeamCity versions prior to 2020.2.1 that stems from a user being able to access another user's GitHub access token. No details of the...

4.3CVSS5.8AI score0.00652EPSS
Exploits0References2
PyPA
PyPA
added 2020/03/19 5:15 p.m.6 views

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS6.8AI score0.00538EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2020/03/19 5:15 p.m.9 views

PYSEC-2020-41

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...

7.7CVSS6.8AI score0.00538EPSS
Exploits1References3Affected Software1
Hacker One
Hacker One
added 2019/12/22 3:4 a.m.31 views

Vercel: through %09 Character the attacker is able to steal Github Token [ Account Takeover ]

Summary: Hello i've found the filter will deleted this %09 character when checking the value parameter next in oauth which allow to attacker to bypass Filter and steal Oauth Token of user thats lead to account takeover ! Steps To Reproduce: 1. Go To...

0.7AI score
Exploits0
Prion
Prion
added 2019/05/17 4:29 p.m.18 views

Information disclosure

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

5CVSS7.1AI score0.01526EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/05/17 4:29 p.m.24 views

CVE-2019-6797

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

7.5CVSS7.1AI score0.01526EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/05/17 3:59 p.m.20 views

CVE-2019-6797

An information disclosure issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitHub token used in CI/CD for External Repos was being leaked to project maintainers in the UI...

7.5AI score0.01526EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/05/17 3:59 p.m.16 views

CVE-2019-6797

Removed by vendor...

7.5CVSS7.1AI score0.01526EPSS
Exploits0
CVE
CVE
added 2019/05/17 3:59 p.m.53 views

CVE-2019-6797

CVE-2019-6797 describes an information-disclosure in GitLab Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1, where the GitHub token used in CI/CD for External Repos could be leaked to project maintainers in the UI. The NVD lists this as a high-severity issue...

7.5CVSS7AI score0.01526EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2019/02/16 2:5 a.m.22 views

Grammarly: Employee's GitHub Token Found In Travis CI Build Logs

Our Security Team was notified by researchers who identified a valid leaked Github token in Travis CI logs that allow accessing a limited number of Grammarly repositories. We immediately revoked the token and conducted investigation together with the Github support team. Based on the available...

0.4AI score
Exploits0
NVD
NVD
added 2018/06/07 2:29 a.m.26 views

CVE-2017-16225

aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...

7.5CVSS7.5AI score0.01177EPSS
Exploits0References1
OSV
OSV
added 2018/06/07 2:29 a.m.24 views

CVE-2017-16225

aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...

7.5CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2018/06/07 2:29 a.m.11 views

Code injection

aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user that performed a aegir-release GitHub token...

5CVSS7.5AI score0.01177EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder