68 matches found
CVE-2024-2435 Stored XSS in Timeline View
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
PT-2024-22137
Name of the Vulnerable Software and Affected Versions Nuclei versions prior to 3.2.0 Description A significant security oversight was identified in Nuclei, involving the execution of unsigned code templates through workflows. This issue specifically affects users utilizing custom workflows,...
Nuclei Security Vulnerabilities
Nuclei is a customizable and fast vulnerability scanner based on YAML syntax templates. A security vulnerability exists in nuclei 3.0.0 and later, which stems from allowing the execution of unsigned code templates via a workflow, resulting in malicious code that can be executed on a user's system...
CVE-2024-1482
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...
CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUBTOKEN. To exploit this vulnerability, an attacker would need access...
DECE Software Geodi Security Vulnerability
DECE Software Geodi is DECE Software's semantic search, GIS and discovery platform based on artificial intelligence and natural language processing. A security vulnerability exists in DECE Software Geodi versions prior to 8.0.0.27396 that stems from the presence of a behavioral workflow execution...
CVE-2017-3801
A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control RBAC...