1783 matches found
GHSA-Q2MX-GPJF-3H8X 1Panel vulnerable to command injection when adding container repositories
Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. backend\app\api\v1\imagerepo.gocreate backend\app\service\imagerepo.goCheckConn 2. vulnerability reproduction. POST /api/v1/containers/repo...
CVE-2023-36457
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...
Information Disclosure
github.com/mattermost/mattermost-server is vulnerable to Information Disclosure. The vulnerability exists because the library fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a maliciously crafted permalink on a channel...
PT-2023-3543 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.3.6 Description: The issue is related to command injection when adding container repositories. An authenticated attacker can craft a malicious payload to achieve this. The vulnerability is due to the lack of proper...
Fake security researchers push malware files on GitHub
Researchers from VulnCheck have observed a campaign using real security researchers as bait for malware. The campaign goes to some lengths to appear genuine, using fake profiles, downloads, websites, and bogus GitHub profiles, to paint a convincing picture of security professionals offering up...
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
CVE-2023-2797
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
Code injection
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
CVE-2023-2797 Path traversal in GitHub plugin's code preview feature
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
CVE-2023-2797 Path traversal in GitHub plugin's code preview feature
Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel...
PT-2023-21463 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to preview code from private repositories by posting a specially crafted permalink on a channel, due to the failure to sanitize code permalinks...
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept PoC exploi...
Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits
At least half of dozen GitHub accounts from fake researchers associated with a fraudulent cybersecurity company have been observed pushing malicious repositories on the code hosting service. All seven repositories, which are still available as of writing, claim to be a proof-of-concept PoC exploi...
CVE-2023-2589
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the...
maven: Block repositories using http by default
A flaw was found in maven. Repositories that are defined in a dependency’s Project Object Model pom, which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that...
git: exposure of sensitive information to a malicious actor
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection , which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ag...
GitHub Extends Push Protection to Prevent Accidental Leaks of Keys and Other Secrets
GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code. The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago...
git: exposure of sensitive information to a malicious actor
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...