
2324 matches found

NVD
added 2024/07/16 10:15 p.m. · 20 views

CVE-2024-6395

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · EPSS 0.00492
Exploits: 0 · References: 5

Vulnrichment
added 2024/07/16 9:27 p.m. · 18 views

CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · AI score 6.4 · EPSS 0.00492
Exploits: 0 · References: 5

Cvelist
added 2024/07/16 9:27 p.m. · 21 views

CVE-2024-6395 GitHub Enterprise Server Information Disclosure Vulnerability Exposes Private Repository Names via Deploy Keys

An exposure of sensitive information vulnerability in GitHub Enterprise Server would allow an attacker to enumerate the names of private repositories that utilize deploy keys. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability...

CVSS 6.3 · EPSS 0.00492
Exploits: 0 · References: 5

Positive Technologies
added 2024/07/16 12:0 a.m. · 7 views

PT-2024-37592 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: An exposure of sensitive information issue in GitHub Enterprise Server allows an attacker to enumerate the names of private repositories that utilize deploy keys. This issue does no...

CVSS 6.3 · AI score 6.7 · EPSS 0.00492
Exploits: 0 · References: 9

OSSF Malicious Packages
added 2024/07/15 5:25 p.m. · 3 views

Malicious code in health-and-wellness-collab-macro-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 490467d98a5f3dcce3605ce769912fad8036917a2da1ab4065e039e6a970a34b The OpenSSF Package Analysis project identified 'health-and-wellness-collab-macro-deploy' @ 1.0.8 npm as malicious. It is considered malicious...

AI score 7.1
Exploits: 0

NVD
added 2024/07/11 7:15 a.m. · 36 views

CVE-2024-5470

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · EPSS 0.00328
Exploits: 0 · References: 2

OSV
added 2024/07/11 7:15 a.m. · 3 views

UBUNTU-CVE-2024-5470

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · AI score 5.8 · EPSS 0.00328
Exploits: 0 · References: 4

Vulnrichment
added 2024/07/11 6:57 a.m. · 20 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · AI score 6.6 · EPSS 0.00328
Exploits: 0 · References: 2

Cvelist
added 2024/07/11 6:57 a.m. · 32 views

CVE-2024-5470 Improper Access Control in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens...

CVSS 3.8 · EPSS 0.00328
Exploits: 0 · References: 2

CVE
added 2024/07/11 6:57 a.m. · 221 views

CVE-2024-5470

GitLab CE/EE CVE-2024-5470 affects all versions from 17.0 up to, but not including, 17.0.4 and from 17.1 up to, but not including, 17.1.2. A Guest user with the admin_push_rules permission may have been able to create project-level deploy tokens. The description explicitly identifies the vulnerab...

CVSS 3.8 · AI score 4 · EPSS 0.00328
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2024/07/11 6:57 a.m. · 24 views

CVE-2024-5470

Removed by vendor...

CVSS 3.8 · AI score 5.8 · EPSS 0.00328
Exploits: 0

Tenable Nessus
added 2024/07/11 12:0 a.m. · 27 views

FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the acb4eab6-3f6d-11ef-8657-001b217b3468 advisory. Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with...

CVSS 9.8 · AI score 6.4 · EPSS 0.06036
Exploits: 2 · References: 8

FreeBSD
added 2024/07/10 12:0 a.m. · 43 views

Gitlab -- vulnerabilities

Gitlab reports: An attacker can run pipeline jobs as an arbitrary user; Developer user with admin_compliance_framework permission can change group URL; Admin push rules custom role allows creation of project level deploy token; Package registry vulnerable to manifest confusion; User with admingroupmemb...

CVSS 9.8 · AI score 7 · EPSS 0.06036
Exploits: 2 · References: 1

OSV
added 2024/07/09 11:15 p.m. · 1 views

CVE-2024-22377

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...

CVSS 5.3 · AI score 5.8 · EPSS 0.00439
Exploits: 0 · References: 1

NVD
added 2024/07/09 11:15 p.m. · 14 views

CVE-2024-22377

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...

CVSS 5.3 · EPSS 0.00439
Exploits: 0 · References: 1

Cvelist
added 2024/07/09 11:3 p.m. · 20 views

CVE-2024-22377 PingFederate Runtime Node Path Traversal

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users...

CVSS 5.3 · EPSS 0.00439
Exploits: 0 · References: 1

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-19373 · Unknown · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns the deploy directory in PingFederate runtime nodes being accessible to unauthorized users. Recommendations: At the moment, there is no information about a newer...

CVSS 5.3 · AI score 6.8 · EPSS 0.00439
Exploits: 0 · References: 5

OSSF Malicious Packages
added 2024/07/06 12:19 p.m. · 3 views

Malicious code in branch-deploy-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f8ee439aa1b1732d638e3b68c12f320056784b39327753fbd3ff9f476d39ace The OpenSSF Package Analysis project identified 'branch-deploy-action' @ 2.1.1 npm as malicious. It is considered malicious because: - The packa...

AI score 6.9
Exploits: 0

OSV
added 2024/07/06 12:19 p.m. · 9 views

MAL-2024-7421 Malicious code in branch-deploy-action (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6f8ee439aa1b1732d638e3b68c12f320056784b39327753fbd3ff9f476d39ace The OpenSSF Package Analysis project identified 'branch-deploy-action' @ 2.1.1 npm as malicious. It is considered malicious because: - The packa...

AI score 7.1
Exploits: 0

vulnersOsv
added 2024/06/26 7:12 p.m. · 16 views

@adobe/helix-deploy (>=11.0.11 <=11.1.13) potentially affected by CVE-2024-38375 via @fastly/js-compute (>=3.11.0 <=3.15.0)

@fastly/js-compute NPM version =3.11.0, =11.0.11, =11.1.13 Source cves: CVE-2024-38375 Source advisory: OSV:GHSA-MP3G-VPM9-9VQV...

CVSS 5.3 · AI score 5.8 · EPSS 0.00266
Exploits: 0