3 matches found
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege...
CVE-2023-22726
Summary: CVE-2023-22726 affects the act project (local GitHub Actions runner). The artifact server does not sanitize path inputs, enabling path traversal via user-controlled paths on both the /upload and /artifact endpoints, which can lead to arbitrary file download and potential overwrites on th...
CVE-2023-22726 Unrestricted file upload leading to privilege escalation in act
act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege...