3 matches found
CVE-2023-23939 Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939 Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939
CVE-2023-23939 concerns the Azure/setup-kubectl GitHub Action (Kubectl installer). Affected versions prior to 3.0 suffer from insecure temporary file creation that makes the Kubectl binary world-writable, allowing any local actor on the Actions runner to replace it. The installer uses fs.chmodSyn...