Lucene search
K

142 matches found

Github Security Blog
Github Security Blog
added 2024/03/15 8:6 p.m.22 views

Server/API for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.3AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/15 8:6 p.m.10 views

GHSA-69P4-J5V5-X234 Server/API for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7CVSS7.3AI score
Exploits0References3
OSV
OSV
added 2024/03/15 8:5 p.m.14 views

GHSA-7V38-W32M-WX4M Types for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7CVSS7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/03/15 8:5 p.m.14 views

Types for Vela Insecure Variable Substitution

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.3AI score
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/12 9:15 p.m.39 views

CVE-2024-28236

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.8AI score0.00716EPSS
Exploits0References2
Prion
Prion
added 2024/03/12 9:15 p.m.25 views

Input validation

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

4CVSS7.8AI score0.00716EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 8:41 p.m.32 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

7.7CVSS7.5AI score0.00716EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:16 a.m.15 views

BIT-GITLAB-2022-1157

Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged...

3.5CVSS3.6AI score0.0062EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:54 a.m.18 views

BIT-AIRFLOW-2023-35005 Apache Airflow: Information disclosure on configuration view

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default only if webserver exposeconfig is set to non-sensitive-only, and not all uncensored values are...

6.5CVSS6.3AI score0.01518EPSS
Exploits0References4
Veracode
Veracode
added 2023/07/22 11:40 p.m.19 views

Improper Authorization

gitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...

5.3CVSS6.8AI score0.00537EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/07/22 11:22 p.m.18 views

Improper Authentication

GitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...

6.5CVSS6.5AI score0.01129EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/07/22 10:54 p.m.20 views

Missing Sanitization

gitLab is vulnerable to Missing Sanitization. This vulnerability exits due to the lack of validation of request URLs, allowing an attacker to include sensitive values from logged exception messages within invalid URLs, which are then logged...

2.6CVSS6.8AI score0.0062EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/06/19 9:15 a.m.19 views

CVE-2023-35005

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default only if webserver exposeconfig is set to non-sensitive-only, and not all uncensored values are...

6.5CVSS6.5AI score0.01518EPSS
Exploits0References3
Prion
Prion
added 2023/06/19 9:15 a.m.16 views

Code injection

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default only if webserver exposeconfig is set to non-sensitive-only, and not all uncensored values are...

4CVSS6.5AI score0.01518EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/19 9:15 a.m.25 views

PYSEC-2023-89

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default only if webserver exposeconfig is set to non-sensitive-only, and not all uncensored values are...

6.5CVSS6.4AI score0.01518EPSS
Exploits0References4
CVE
CVE
added 2023/06/19 8:15 a.m.58 views

CVE-2023-35005

Apache Airflow (affected versions 2.5.0 up to 2.6.1) has an information disclosure issue where potentially sensitive values could be shown to users in certain UI scenarios. The root cause relates to how configuration values may be exposed in the web UI, with mitigations noting that configuration ...

6.5CVSS6.4AI score0.01518EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/19 8:15 a.m.12 views

CVE-2023-35005 Apache Airflow: Information disclosure on configuration view

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default only if webserver exposeconfig is set to non-sensitive-only, and not all uncensored values are...

6.7AI score0.01518EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.4 views

PT-2023-25091 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.5.0 through 2.6.1 Description: The issue in Apache Airflow involves the potential exposure of sensitive values to users under certain conditions. This is mitigated by the default configuration not showing sensitive...

7.1CVSS6.2AI score0.01518EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2023/04/24 10:44 p.m.18 views

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...

3.3CVSS6AI score0.00212EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2023/04/24 12:0 a.m.23 views

Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform

Summary Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the info logging level during the kitchen converge action. Prior to v7.0.0, the output values were printed at the debug level to avoid writing sensitive...

3.3CVSS6.8AI score0.00212EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder