8005 matches found
GHSA-JWCM-9G39-PMCW Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Summary A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. Details This vulnerability stems from several gh commands used to clone a repository with...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
CVE-2024-53858
CVE-2024-53858 affects the gh CLI (GitHub CLI) and can leak authentication tokens when cloning repositories that contain git submodules hosted outside GitHub.com/ghe.com. The root cause is that certain gh commands (e.g., gh repo clone, gh repo fork, gh pr checkout) invoke git in a way that retrie...
CVE-2024-53858
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
Malicious code in transify-helper-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8fe9a95aa86c804ea93c96457c3f8ef18a9415c888ae5921213386c8424038ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11111 Malicious code in transify-helper-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8fe9a95aa86c804ea93c96457c3f8ef18a9415c888ae5921213386c8424038ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in scan-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7ef4d9984cb1556d85ee7a49552a644920b953dfe2a86a1b22d190cdfce82a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11001 Malicious code in scan-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7ef4d9984cb1556d85ee7a49552a644920b953dfe2a86a1b22d190cdfce82a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in monorepo-release-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c63f18eff64dcaa5004e544abedb75ecf27b8fe4bd6cc8efecccf449ee5bea4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10987 Malicious code in monorepo-release-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c63f18eff64dcaa5004e544abedb75ecf27b8fe4bd6cc8efecccf449ee5bea4e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GitHub CLI information disclosure vulnerability
GitHub CLI is GitHub's open source command-line tool. An information disclosure vulnerability exists in GitHub CLI versions prior to 2.63.0, which stems from the possibility of disclosing authentication tokens...
PT-2024-35955
Name of the Vulnerable Software and Affected Versions: GitHub CLI versions prior to 2.63.0 Description: A security issue has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This...
USN-7130-1: GitHub CLI vulnerability
It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...
USN-7130-1 gh vulnerability
It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. CVE-2024-52308...
sigstore-java has vulnerability with bundle verification
Summary sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log Impact This bug impacts clients using any variation of KeylessVerifier.verify The verifier may accept a bundle with an...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.39 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Malicious code in dep-validator-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af93a927101a23e38ce34664c1c85dc8651f0e3a5a066ec9a110caabe4cadcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10960 Malicious code in dep-validator-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af93a927101a23e38ce34664c1c85dc8651f0e3a5a066ec9a110caabe4cadcbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...