32 matches found
EUVD-2012-2687
Malware in sbrugna...
EUVD-2018-0238
Malware in sbrugna...
EUVD-2020-0439
Malware in sbrugna...
CVE-2020-11059
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
Hostmaster (Aegir) - Moderately critical - Access bypass, Arbitrary code execution - SA-CONTRIB-2020-031
Aegir is a powerful hosting system that sits alongside a LAMP or LEMP server to create, deploy and manage Drupal sites. Given that Aegir can use both Apache and Nginx Web servers, Apache allows configuration-writing users to escalate their privileges to the superuser root, and Aegir's operations...
Information Disclosure
aegir is vulnerable to Information Disclosure. Environmental variables in the browser bundle contain tokens and keys, which can be leaked during aegir publish or aegir build...
AEgir Information Disclosure Vulnerability (CNVD-2020-31168)
AEgir is a JavaScript project automation build package from Protocol Labs. An information disclosure vulnerability exists in aegir publish and aegir build in Aegir versions 21.7.0 through 21.10.1 excluding version 21.10.1. An attacker can use this vulnerability to obtain information about...
CVE-2020-11059
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
CVE-2020-11059
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
Input validation
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Impact: aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm. Patches: The code has been patched, users should upgrade to >= 21.10.1. Workarounds: Run printenv to check your environment variables and revoke any secrets. For more information...
GHSA-QFCV-5WHW-7PCW Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Impact: aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm. Patches: The code has been patched, users should upgrade to >= 21.10.1. Workarounds: Run printenv to check your environment variables and revoke any secrets. For more information...
CVE-2020-11059
In AEgir, vulnerabilities exist in versions 21.7.0 up to but not including 21.10.1 where the commands “aegir publish” and “aegir build” may leak environment variables from the browser bundle published to npm. The issue enables potential exposure of secrets (high impact per CVSS) and has been fixe...
CVE-2020-11059 Exposure of Sensitive Information to an Unauthorized Actor in AEgir
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1...
Aegir HTTPS - Moderately critical - Access bypass - SA-CONTRIB-2019-003
Aegir is a Web hosting control panel program that provides a Drupal-based graphical interface designed to simplify deploying, managing and upgrading an entire network of Drupal, Wordpress and CiviCRM Web sites. The Hosting HTTPS module is a commonly used piece of the Aegir platform. This module...
Provision - Moderately critical - Access bypass - SA-CONTRIB-2019-002
Aegir is a Web hosting control panel program that provides a Drupal-based graphical interface designed to simplify deploying, managing and upgrading an entire network of Drupal, Wordpress and CiviCRM Web sites. The Provision module is a core piece of the Aegir platform. This module doesn't...
Github Token Leak in aegir
Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed. Recommendation: Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...
GHSA-6XHF-X49C-M5M6 Github Token Leak in aegir
Affected versions of aegir bundle and publish the current user's GitHub token to npm when aegir-release is executed. Recommendation: Update to version 12.0.8 or later. If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked...
Information Disclosure
aegir is vulnerable to information disclosures. The library publishes users' GitHub tokens when the aegir-release command is run...
CVE-2017-16225
aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user that performed an aegir-release...