Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/08/29 5:44 p.m.2 views

CVE-2025-58158 Harness Affected by Arbitrary File Write in Gitness LFS server

Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation ...

8.8CVSS6.5AI score0.00534EPSS
Exploits0References2
CVE
CVE
added 2025/08/29 5:44 p.m.24 views

CVE-2025-58158

CVE-2025-58158 affects Harness Open Source Gitness (git LFS server). Prior to version 3.3.0, the upload git LFS file API allowed arbitrary file writes due to improper sanitization of the upload path, enabling a malicious authenticated user with access to the Harness Gitness API to write files any...

8.8CVSS6.5AI score0.00534EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/29 4:41 p.m.10 views

Harness Allows Arbitrary File Write in Gitness LFS server

Impact Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness...

8.8CVSS7.2AI score0.00534EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/29 4:41 p.m.5 views

GHSA-W469-HJ2F-JPR5 Harness Allows Arbitrary File Write in Gitness LFS server

Impact Open Source Harness git LFS server Gitness exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness...

8.8CVSS7.2AI score0.00534EPSS
Exploits0References4
Rows per page
Query Builder