7 matches found
Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations
Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...
Docker Engine 29.3.1 Multiple Vulnerabilities
The version of the Docker Engine installed on the remote host is prior to 29.3.1. It is therefore affected by multiple vulnerabilities: - CVE-2026-34040: AuthZ plugin authorization bypass vulnerability. Authorization plugins could be bypassed under specific conditions, potentially allowing...
CVE-2025-10282
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...
PT-2025-41394
Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The git clone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...
CVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...
event-driven-ansible: Authenticated Argument Injection in Git URL in EDA Project Creation
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...
Salt 安全漏洞
Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a specially crafted git URL that could trigger the master process to execute arbitrary commands...