128 matches found

NCSC
added 2023/05/08 12:00 a.m. · 5 views

Vulnerability fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition (EE) and Community Edition (CE). A malicious person with user privileges could exploit the vulnerability to use a GraphQL endpoint to install rogue runners in any project within the environment and thus execute arbitrary code. GitL...

CVSS 9.6 · AI score 7.2 · EPSS 0.05042
Exploits 0
NVD
added 2023/04/24 10:15 p.m. · 39 views

CVE-2023-30623

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pull_request.title parameter in an insecure way. The title parameter is used in a run statement, resulting in a command injection vulnerability due to string interpolation. This...

CVSS 8.8 · AI score 9 · EPSS 0.03728
Exploits 1 · References 3
Positive Technologies
added 2023/04/24 12:00 a.m. · 5 views

PT-2023-22820 · Unknown · Embano1/Wip

Name of the Vulnerable Software and Affected Versions: embano1/wip versions prior to 2. Description: The embano1/wip action uses the github.event.pull_request.title parameter in an insecure way, resulting in a command injection vulnerability due to string interpolation. This issue can be triggered...

CVSS 8.8 · AI score 8.8 · EPSS 0.03728
Exploits 1 · References 9
OSV
added 2023/03/13 8:19 p.m. · 14 views

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug values of GitHub environment variables inside one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on...

CVSS 8.8 · AI score 8.5 · EPSS 0.01576
Exploits 1 · References 6
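The two advisories above (CVE-2023-30623 in embano1/wip and CVE-2023-27581 in github-slug-action) describe the same defect: an expression such as `${{ github.event.pull_request.title }}` or `${{ github.head_ref }}` interpolated straight into a `run:` step. The script below is an added example, not code from either project or from the advisories. It emulates the runner's textual expansion of the expression into the script body with a constructed PR title, shows the injection, and then shows the usual fix of binding the value to an environment variable. The grep pattern for flagging risky `run:` lines covers only a hand-picked subset of attacker-controlled contexts and is an assumption for this example, not an exhaustive list.

```shell
#!/bin/sh
# Added example (not from embano1/wip or github-slug-action): how a ${{ }}
# expression inside `run:` becomes shell syntax, and how an env binding avoids it.

# Constructed attacker-controlled pull request title. Anyone who can open a PR
# or push a branch picks this string.
PR_TITLE='fix typo"; echo INJECTED; echo "done'

# Vulnerable pattern. The runner replaces ${{ github.event.pull_request.title }}
# with the raw string BEFORE the shell parses the script, so the quotes and ';'
# in the title are read as code. The expansion is emulated here with printf.
render_vulnerable_step() {
  # emulates:  run: echo "PR title: ${{ github.event.pull_request.title }}"
  printf 'echo "PR title: %s"\n' "$1"
}

run_vulnerable_step() {
  sh -c "$(render_vulnerable_step "$1")"
}

# Hardened pattern. The expression is bound to a variable in the step's `env:`
# block; the script body only ever contains the literal text "$PR_TITLE", which
# the shell expands as data, never as syntax.
run_hardened_step() {
  # emulates:  env:
  #              PR_TITLE: ${{ github.event.pull_request.title }}
  #            run: echo "PR title: $PR_TITLE"
  PR_TITLE="$1" sh -c 'echo "PR title: $PR_TITLE"'
}

# Detection helper for workflow files: print `run:` lines that interpolate one of
# a few well-known attacker-controlled contexts directly. The context list is an
# assumption chosen for this example, not an exhaustive catalogue.
flag_risky_run_lines() {
  grep -nE 'run:.*\$\{\{[[:space:]]*github\.(head_ref|event\.(pull_request|issue|comment|review|discussion)\.[a-z_.]*(title|body|ref))' "$1" || true
}

# Writes a constructed workflow fragment (two vulnerable steps, one safe) to $1.
write_sample_workflow() {
  cat > "$1" <<'EOF'
      - run: echo "PR title: ${{ github.event.pull_request.title }}"   # vulnerable
      - run: echo "branch: ${{ github.head_ref }}"                     # vulnerable
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title: $PR_TITLE"                                  # safe
EOF
}

demo() {
  wf=$(mktemp)
  write_sample_workflow "$wf"
  echo "--- vulnerable step output:"; run_vulnerable_step "$PR_TITLE"
  echo "--- hardened step output:";   run_hardened_step "$PR_TITLE"
  echo "--- flagged lines:";          flag_risky_run_lines "$wf"
  rm -f "$wf"
}

demo
```

The vulnerable step prints three lines (the `INJECTED` marker is executed as its own command); the hardened step prints the whole title as one literal line. The same reasoning applies to any context an outsider controls, such as `github.head_ref`, issue and comment bodies, or review text.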
Positive Technologies
added 2023/03/06 12:00 a.m. · 7 views

PT-2023-19310 · Microsoft · Azure/Setup-Kubectl

Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3. Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the kubectl binary created by this action because it is world writable...

CVSS 7 · AI score 7 · EPSS 0.00362
Exploits 0 · References 8
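The PT-2023-19310 entry above describes a world-writable temporary file that another actor on the same runner can overwrite before it is executed. The script below is an added example and is not code from Azure/setup-kubectl: it shows the insecure pattern beside an `mktemp`-based one and a permission check that refuses to execute a group- or world-writable file. Paths and names are chosen for this example only.

```shell
#!/bin/sh
# Added example (not from Azure/setup-kubectl): insecure vs. safe creation of the
# file a downloaded binary lands in, plus a pre-execution permission check.

# Insecure: predictable path, created with loose permissions. Any other process
# on the same runner (a later job step, a sibling container sharing the volume)
# can replace the file's contents before it is executed.
insecure_download_slot() {
  slot="${TMPDIR:-/tmp}/kubectl-example"   # fixed, guessable name (example path)
  : > "$slot"                              # create or truncate ...
  chmod 0777 "$slot"                       # ... and make it world-writable
  printf '%s\n' "$slot"
}

# Hardened: unpredictable name and mode 0600 from the moment of creation (mktemp
# creates the file exclusively with a restrictive mode), so there is no window
# in which another user on the runner can swap the contents.
secure_download_slot() {
  ( umask 077; mktemp "${TMPDIR:-/tmp}/kubectl-example.XXXXXX" )
}

# Check to run before executing any binary an action fetched: fail (exit 1) if
# the file is group- or world-writable. Parses `ls -ld` so it works on both GNU
# and BSD userlands; position 6 is the group write bit, position 9 the other
# write bit of the "-rwxrwxrwx" field.
is_safe_to_execute() {
  perms=$(ls -ld "$1" | cut -c1-10)
  case "$perms" in
    ?????w????|????????w?) return 1 ;;
  esac
  return 0
}

demo() {
  bad=$(insecure_download_slot)
  good=$(secure_download_slot)
  for f in "$bad" "$good"; do
    if is_safe_to_execute "$f"; then
      echo "ok:     $f ($(ls -ld "$f" | cut -c1-10))"
    else
      echo "REFUSE: $f ($(ls -ld "$f" | cut -c1-10))"
    fi
  done
  rm -f "$bad" "$good"
}

demo
```

In a real action the check belongs immediately before the `chmod +x`/execute step, and the same shared-runner threat model applies to anything written under a predictable path such as the tool cache.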
OSV
added 2023/03/02 9:15 p.m. · 15 views

CVE-2023-22381

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to...

CVSS 8.8 · AI score 5.9 · EPSS 0.00839
Exploits 0 · References 5
vulnersOsv
added 2023/01/13 6:30 a.m. · 4 views

com.blazebit:blaze-persistence-integration-spring-data-testsuite-webflux-jakarta-runner (>=1.6.10 <=1.6.18), com.blazebit:blaze-persistence-integration-spring-data-testsuite-webmvc-jakarta-runner (>=1.6.10 <=1.6.18) +322 more potentially affected by CVE-2022-3143 via org.wildfly.security:wildfly-elytron (>=1.16.0.CR1 <=1.20.2.Final)

org.wildfly.security:wildfly-elytron MAVEN version =1.16.0.CR1, =1.6.10, =1.6.10, =6.2.0, =0.1.0, =1.0.1, =6.3.0, =0.1.0, =2.5.0.CR1, =2.0.0.Final, =2.0.0.Final, =2.0.0.Final, =1.3.0, =1.3.1 - io.thorntail:config-api =1.4.0 - io.thorntail:config-api-generator =1.4.0 and more Source cves:...

CVSS 7.4 · AI score 6.6 · EPSS 0.00584
Exploits 0
Hacker One
added 2022/01/06 12:29 a.m. · 32 views

GitLab: Container escape on public GitLab CI runners

Summary: It is possible to circumvent the isolation in place for build jobs running on public CI runners by escaping the Docker container running the build job. This is possible via abuse of the cgroup release_agent functionality, made possible by CI jobs being allowed to mount filesystems inside t...

AI score 7.7
Exploits 0
Openbugbounty
added 2021/10/23 5:09 a.m. · 10 views

code-runners.com Improper Access Control vulnerability OBB-2199101

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.1
Exploits 0
OSV
added 2021/09/24 6:15 p.m. · 3 views

CVE-2021-22869

An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self-hosted runner groups for access control. A repository with access to one enterprise runner group...

CVSS 9.8 · AI score 5.9 · EPSS 0.01157
Exploits 0 · References 2
CNNVD
added 2021/09/24 12:00 a.m. · 4 views

GitHub Enterprise Server authorization issue vulnerability

GitHub Enterprise Server is an application from GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, giving a scalable, easy-to-manage platform. GitHub Enterprise Server has a security vulnerability that stems from an improper access contro...

CVSS 9.8 · AI score 8.5 · EPSS 0.01157
Exploits 0 · References 3
Kitploit
added 2021/08/07 9:30 p.m. · 334 views

Go-Shellcode - A Repository Of Windows Shellcode Runners And Supporting Utilities

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. The available Shellcode runners include: CreateFiber CreateProcess CreateProcessWithPipe CreateRemoteThread CreateRemoteThreadNati...

AI score 8.9
Exploits 0 · References 22
OSV
added 2020/11/17 6:15 p.m. · 18 views

CVE-2020-13350

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9...

CVSS 4.3 · AI score 6.5 · EPSS 0.00692
Exploits 0 · References 3
Prion
added 2020/11/17 6:15 p.m. · 15 views

Cross-site request forgery (CSRF)

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9...

CVSS 4.3 · AI score 4.7 · EPSS 0.00692
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2020/11/17 6:15 p.m. · 14 views

CVE-2020-13350

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9...

CVSS 4.3 · AI score 5.8 · EPSS 0.00692
Exploits 0 · References 1
OSV
added 2020/11/17 6:15 p.m. · 1 view

UBUNTU-CVE-2020-13350

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9...

CVSS 4.3 · AI score 5.8 · EPSS 0.00692
Exploits 0 · References 2
Cvelist
added 2020/11/17 5:55 p.m. · 21 views

CVE-2020-13350

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2, >=13.4.0, <13.4.5, <13.3.9...

CVSS 3.1 · AI score 4.8 · EPSS 0.00692
Exploits 0 · References 3
Positive Technologies
added 2020/11/17 12:00 a.m. · 4 views

PT-2020-13491 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.3.0 through 13.3.8; GitLab CE/EE versions 13.4.0 through 13.4.4; GitLab CE/EE versions 13.5.0 through 13.5.1. Description: A CSRF issue in the runner administration page of GitLab CE/EE allows an attacker to target GitLa...

CVSS 4.3 · AI score 4.2 · EPSS 0.00692
Exploits 0 · References 12
Positive Technologies
added 2020/08/10 12:00 a.m. · 4 views

PT-2020-13436 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 13.0.12; GitLab Runner versions prior to 13.1.6; GitLab Runner versions prior to 13.2.3. Description: The issue allows for Server-Side Request Forgery (SSRF) by replacing dockerd with a malicious server, making the...

CVSS 8.8 · AI score 8.7 · EPSS 0.01158
Exploits 0 · References 12
FreeBSD
added 2020/01/02 12:00 a.m. · 33 views

Gitlab -- Multiple Vulnerabilities

The GitLab Team reports: Group Maintainers Can Update/Delete Group Runners Using API; GraphQL Queries Can Hang the Application; Unauthorized Users Have Access to Milestones of Releases; Private Group Name Revealed Through Protected Tags API; Users Can Publish Reviews on Locked Merge Requests; DoS in t...

CVSS 5.3 · AI score 4.9 · EPSS 0.01107
Exploits 0 · References 1