Lucene search
+L

4 matches found

NVD
NVD
added 2023/03/13 9:15 p.m.13 views

CVE-2023-27581

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...

8.8CVSS8.9AI score0.01576EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/03/13 8:19 p.m.9 views

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...

8.8CVSS8.8AI score0.01576EPSS
Exploits1References4
CVE
CVE
added 2023/03/13 8:19 p.m.57 views

CVE-2023-27581

Summary: CVE-2023-27581 affects the GitHub Action github-slug-action. Vulnerability: Versions before 4.4.1 insecurely use the github.head_ref parameter in pull request workflows, enabling an attacker to trigger code execution on GitHub runners and exfiltrate CI secrets. Impact: High impact on con...

8.8CVSS8.9AI score0.01576EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/03/13 8:19 p.m.14 views

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...

8.8CVSS8.5AI score0.01576EPSS
Exploits1References6
Rows per page
Query Builder