Lucene search
+L

4 matches found

Vulnrichment
Vulnrichment
added 2025/01/24 6:4 p.m.12 views

CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1CVSS7.1AI score0.00892EPSS
Exploits0References6
CVE
CVE
added 2025/01/24 6:4 p.m.82 views

CVE-2025-24362

CVE-2025-24362 concerns CodeQL Action when debug artifacts are enabled. In certain failed CodeQL analyses on Java/Kotlin repos, the uploaded debug artifacts could contain environment variables from the workflow run, including secrets such as the GITHUB_TOKEN. The token could be valid for the dura...

7.1CVSS6.9AI score0.00892EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/01/24 6:4 p.m.35 views

CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1CVSS0.00892EPSS
Exploits0References6
OSV
OSV
added 2025/01/24 6:4 p.m.12 views

CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts

In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...

7.1CVSS9.2AI score0.00892EPSS
Exploits0References10
Rows per page
Query Builder