2 matches found
Git credentials are exposed in Atlantis logs
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Atlantis logs contains GitHub credentials tokens ghs... when they are rotated. Thi...
CVE-2022-24912
The vulnerability is in github.com/runatlantis/atlantis/server/controllers/events (pre-0.19.7) where webhook secret validation uses a non-constant-time comparison, enabling timing attacks to recover the secret and forge webhook events. This aligns with CVE-2022-24912 and related advisories. Impac...