4 matches found

The Hacker News
added 2025/09/23 9:20 a.m. · 3 views

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and...

6.7 AI score
Exploits: 0

SUSE CVE
added 2023/03/10 4:2 a.m. · 4 views

SUSE CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 6.8 AI score · 0.01026 EPSS
Exploits: 1 · References: 3

OSV
added 2023/03/06 7:15 p.m. · 2 views

UBUNTU-CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 7 AI score · 0.01026 EPSS
Exploits: 1 · References: 6

Positive Technologies
added 2023/03/06 12:0 a.m. · 5 views

PT-2023-20454 · Buildctl +2

Name of the Vulnerable Software and Affected Versions: BuildKit versions v0.11.0 through v0.11.3

Description: The issue arises when a build request contains a Git URL with credentials and creates a provenance attestation describing the build. These credentials could be visible from the provenance...

6.5 CVSS · 6.2 AI score · 0.01026 EPSS
Exploits: 1 · References: 26