CVE-2024-6395
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...
CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys
An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...
PT-2024-37592 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14. Description: An exposure of sensitive information issue in GitHub Enterprise Server allows an attacker to enumerate the names of private repositories that utilize deploy keys. This issue does no...
Malicious code in health-and-wellness-collab-macro-deploy (npm)
Source: ossf-package-analysis (490467d98a5f3dcce3605ce769912fad8036917a2da1ab4065e039e6a970a34b). The OpenSSF Package Analysis project identified 'health-and-wellness-collab-macro-deploy' @ 1.0.8 (npm) as malicious. It is considered malicious...
CVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...
UBUNTU-CVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...
CVE-2024-5470 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...
CVE-2024-5470
GitLab CE/EE CVE-2024-5470 affects all versions from 17.0 up to, but not including, 17.0.4 and from 17.1 up to, but not including, 17.1.2. A Guest user with the admin_push_rules permission may have been able to create project-level deploy tokens. The description explicitly identifies the vulnerab...
CVE-2024-5470
Removed by vendor...
FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with...
Gitlab -- vulnerabilities
Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admin_group_memb...
CVE-2024-22377
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...
CVE-2024-22377 PingFederate Runtime Node Path Traversal
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...
PT-2024-19373 · Unknown · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate, affected versions not specified. Description: The issue concerns the deploy directory in PingFederate runtime nodes being accessible to unauthorized users. Recommendations: At the moment, there is no information about a newer...
Malicious code in branch-deploy-action (npm)
Source: ossf-package-analysis (6f8ee439aa1b1732d638e3b68c12f320056784b39327753fbd3ff9f476d39ace). The OpenSSF Package Analysis project identified 'branch-deploy-action' @ 2.1.1 (npm) as malicious. It is considered malicious because: - The packa...
MAL-2024-7421 Malicious code in branch-deploy-action (npm)
Source: ossf-package-analysis (6f8ee439aa1b1732d638e3b68c12f320056784b39327753fbd3ff9f476d39ace). The OpenSSF Package Analysis project identified 'branch-deploy-action' @ 2.1.1 (npm) as malicious. It is considered malicious because: - The packa...
@adobe/helix-deploy (>=11.0.11 <=11.1.13) potentially affected by CVE-2024-38375 via @fastly/js-compute (>=3.11.0 <=3.15.0)
@fastly/js-compute NPM version =3.11.0, =11.0.11, =11.1.13 Source cves: CVE-2024-38375 Source advisory: OSV:GHSA-MP3G-VPM9-9VQV...