160 matches found
GO-2025-3521 Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes
Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes...
Unauthorised Access
k8s.io/kubernetes is vulnerable to Unauthorized Access. The vulnerability is due to improper isolation of gitRepo volumes, which allows users with pod creation permissions to access git repositories from other pods on the same node...
GHSA-3WGM-2GW2-VH5M Kubernetes GitRepo Volume Inadvertent Local Repository Access
A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone...
BIT-GITLAB-2025-1042 Files or Directories Accessible to External Parties in GitLab
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way...
CVE-2025-1042 Files or Directories Accessible to External Parties in GitLab
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way...
PT-2025-6823 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.7 through 17.6.5 GitLab EE versions 17.7 through 17.7.4 GitLab EE versions 17.8 through 17.8.2 Description: An insecure direct object reference vulnerability exists in GitLab EE. This issue allows an attacker to view...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition that stems from an insecure direct object reference that results in unauthorized repository access...
PT-2025-5344 · Github · Codeql Action +1
Name of the Vulnerable Software and Affected Versions: CodeQL Action versions prior to 3.28.3 CodeQL CLI versions prior to 2.20.3 Description: In certain circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain environment variables from t...
CVE-2025-22130
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
GHSA-J4JW-M6XR-FV6C Soft Serve vulnerable to path traversal attacks
Impact Path traversal attack gives access to existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. Patches This is patched in v0.8...
CVE-2025-22130 Soft Serve allows path traversal attacks
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
CVE-2025-22130
CVE-2025-22130 affects the Soft Serve Git server. Prior to version 0.8.2, a path traversal vulnerability lets existing non-admin users access and take over other users’ repositories, enabling modification, deletion, and arbitrary admin-like actions on repositories without explicit permissions. Th...
CVE-2025-22130 Soft Serve allows path traversal attacks
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
CVE-2025-22130 Soft Serve allows path traversal attacks
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without...
forgejo -- multiple vulnerabilities
Problem Description: It was possible to use a token sent via email for secondary email validation to reset the password instead. In other words, a token sent for a given action registration, password reset or secondary email validation could be used to perform a different action. It is no longer...
CVE-2024-46901 Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
CVE-2024-5816
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...
CVE-2024-5816
CVE-2024-5816 – GitHub Enterprise Server : An Incorrect Authorization flaw allows a suspended GitHub App to retain access to repositories via a scoped user access token. Impact is limited to public repositories; private repos are not affected. Affected: all GitHub Enterprise Server versions prior...
CVE-2024-5566 Improper Privilege Management allows for access to unauthorized repository content during migration
An improper privilege management vulnerability allowed users to migrate private repositories without having appropriate scopes defined on the related Personal Access Token. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in version 3.13.1, 3.12.6,...
CVE-2024-34146
Jenkins Git server Plugin 114.v068ac7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories...