7 matches found
Metasploit Weekly Wrap-Up 04/26/24
Rancher Modules This week, Metasploit community member h00die added the second of two modules targeting Rancher instances. These modules each leak sensitive information from vulnerable instances of the application which is intended to manage Kubernetes clusters. These are a great addition to...
GitLens Git Local Configuration Execution Exploit
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10. This module require...
GitLens Git Local Configuration Exec
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...
CVE-2023-46944
creationtimestamp| type| source ---|---|--- 2023-12-20 09:42:30+00:00| seen| https://t.me/ctinow/156827 2024-04-19 00:45:19+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/fileformat/gitlenslocalconfigexec.rb 2024-04-20 00:44:19+00:00| seen|...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...
CVE-2023-46944
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...
CVE-2023-46944
CVE-2023-46944 affects GitKraken GitLens plugins for VSCode prior to 14.0.0. A crafted file can be used to coerce the Visual Studio Code workspace trust component into executing arbitrary code, via a local attack vector. Root cause cited: insufficient input validation in GitLens workflow context ...