OSV · added 2023/07/05 9:38 p.m.

GHSA-Q2MX-GPJF-3H8X 1Panel vulnerable to command injection when adding container repositories

Impact: An authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis: backend\app\api\v1\imagerepo.go (create), backend\app\service\imagerepo.go (CheckConn). 2. Vulnerability reproduction: POST /api/v1/containers/repo...

CVSS 6.3 · AI score 7.5 · EPSS 0.01989
Exploits 1 · References 4
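The entries above describe the 1Panel bug class (user-supplied repository details reaching a command) but not the code shape. The following is an added example written for this page, not 1Panel's code or its v1.3.6 fix: it models how a registry address typed by an authenticated user becomes injectable when it is interpolated into a shell line, next to the validated, argv-based alternative. The function names, the use of echo as a stand-in for docker login, the allow-list pattern and the sample payload are all assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// Added example for this page, not 1Panel's code. It models the bug class in
// the listing: a registry address supplied by an authenticated user is used to
// build the command that checks connectivity to a new container repository.
// "echo" stands in for "docker login" so the example runs offline.

// unsafeLoginCommand (hypothetical name) shows the injectable pattern: the
// user-controlled values are interpolated into one string that a shell parses,
// so ";", "|", "$(...)" and similar in the registry or user field become
// additional commands.
func unsafeLoginCommand(registry, user string) *exec.Cmd {
	line := fmt.Sprintf("echo docker login -u %s %s", user, registry)
	return exec.Command("sh", "-c", line)
}

// registryRe is an assumed allow-list: host, optional port, optional path
// segments. Anything else, including every shell metacharacter, is rejected
// rather than escaped.
var registryRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9.-]*(:[0-9]{1,5})?(/[A-Za-z0-9._-]+)*$`)

// validateRegistry returns an error for anything that is not a plain registry
// address of bounded length.
func validateRegistry(registry string) error {
	if registry == "" || len(registry) > 512 {
		return errors.New("registry: empty or too long")
	}
	if !registryRe.MatchString(registry) {
		return fmt.Errorf("registry %q: unexpected characters", registry)
	}
	return nil
}

// safeLoginCommand validates the input and passes it as a single argv element.
// No shell is involved, so a value that somehow slipped past validation would
// still reach the program as one literal argument, never be executed.
func safeLoginCommand(registry, user string) (*exec.Cmd, error) {
	if err := validateRegistry(registry); err != nil {
		return nil, err
	}
	return exec.Command("echo", "docker", "login", "-u", user, registry), nil
}

func main() {
	// Constructed payload: a registry field that carries a second command.
	payload := "registry.example.com; echo INJECTED"

	out, _ := unsafeLoginCommand(payload, "bob").CombinedOutput()
	fmt.Printf("unsafe: %s", out) // the login line, then INJECTED on its own line

	if _, err := safeLoginCommand(payload, "bob"); err != nil {
		fmt.Println("safe:   rejected:", err)
	}
	cmd, _ := safeLoginCommand("registry.example.com:5000", "bob")
	out, _ = cmd.CombinedOutput()
	fmt.Printf("safe:   %s", out)
}
```

Running the block shows the unsafe path executing the injected echo as a separate command, while the safe path rejects the payload before any process is started and, for a valid address, hands it to the child as one argument. The allow-list is deliberately strict; loosening it to accept more address forms is safer than switching to escaping, because the argv form never gives the shell a chance to reinterpret the value.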
NVD · added 2023/07/05 9:15 p.m.

CVE-2023-36457

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...

CVSS 8.8 · AI score 7.1 · EPSS 0.01989
Exploits 1 · References 2
GitLab Advisory Database · added 2023/07/05 12:00 a.m.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...

CVSS 8.8 · AI score 7.3 · EPSS 0.01989
Exploits 1 · References 4 · Affected Software 1
Veracode · added 2023/06/28 3:58 a.m.

Information Disclosure

github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a maliciously crafted permalink on a channel...

CVSS 6.5 · AI score 6.9 · EPSS 0.00468
Exploits 0 · References 4 · Affected Software 1
Positive Technologies · added 2023/06/21 12:00 a.m.

PT-2023-3543 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.3.6. Description: The issue is related to command injection when adding container repositories. An authenticated attacker can craft a malicious payload to achieve this. The vulnerability is due to the lack of proper...

CVSS 9 · AI score 8.2 · EPSS 0.01989
Exploits 1 · References 10
Malwarebytes · added 2023/06/16 2:15 p.m.

Fake security researchers push malware files on GitHub

Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...

AI score 7.2
Exploits 0
NVD · added 2023/06/16 10:15 a.m.

CVE-2023-2797

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 6.5 · AI score 5.1 · EPSS 0.00468
Exploits 0 · References 1
OSV · added 2023/06/16 10:15 a.m.

CVE-2023-2797

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 6.5 · AI score 7.2
Exploits 0 · References 1
Prion · added 2023/06/16 10:15 a.m.

Code injection

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 4 · AI score 6.5 · EPSS 0.00468
Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2023/06/16 9:03 a.m.

CVE-2023-2797 Path traversal in GitHub plugin's code preview feature

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 3.1 · AI score 6.7 · EPSS 0.00468
Exploits 0 · References 1
Vulnrichment · added 2023/06/16 9:03 a.m.

CVE-2023-2797 Path traversal in GitHub plugin's code preview feature

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...

CVSS 3.1 · AI score 6.9 · EPSS 0.00468
Exploits 0 · References 1
Positive Technologies · added 2023/06/16 12:00 a.m.

PT-2023-21463 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost, affected versions not specified. Description: The issue allows an attacker to preview code from private repositories by posting a specially crafted permalink on a channel, due to the failure to sanitize code permalinks...

CVSS 6.5 · AI score 6.3 · EPSS 0.00468
Exploits 0 · References 5
The Hacker News · added 2023/06/14 10:21 a.m.

Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits

At least half a dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept PoC exploi...

AI score 7.5
Exploits 0
ATTACKERKB · added 2023/06/07 5:15 p.m.

CVE-2023-2589

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the...

CVSS 5.9 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 4 · Affected Software 1
RedHat Linux · added 2023/05/17 5:53 p.m.

maven: Block repositories using http by default

A flaw was found in maven. Repositories that are defined in a dependency's Project Object Model (pom), which may be unknown to users, are used by default, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...

CVSS 9.1 · AI score 6.5 · EPSS 0.08691
Exploits 2 · References 5
RedHat Linux · added 2023/05/16 8:32 a.m.

git: exposure of sensitive information to a malicious actor

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

CVSS 5.5 · AI score 7.2 · EPSS 0.01336
Exploits 1 · References 4
The Hacker News · added 2023/05/11 5:01 a.m.

GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago...

AI score 6.8
Exploits 0