Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 6:58 p.m.6 views

Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations

Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...

7.5CVSS5.8AI score0.00583EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.22 views

Docker Engine 29.3.1 Multiple Vulnerabilities

The version of the Docker Engine installed on the remote host is prior to 29.3.1. It is therefore affected by multiple vulnerabilities: - CVE-2026-34040: AuthZ plugin authorization bypass vulnerability. Authorization plugins could be bypassed under specific conditions, potentially allowing...

9.8CVSS6.1AI score0.08123EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/10 4:20 p.m.4 views

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL...

4.7CVSS6.7AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.4 views

PT-2025-41394

Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The git clone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...

4.7CVSS6.1AI score0.00213EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/19 9:30 a.m.18 views

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows...

7.7CVSS6.9AI score0.00752EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/06/30 9:23 p.m.2 views

event-driven-ansible: Authenticated Argument Injection in Git URL in EDA Project Creation

A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift...

8.8CVSS6AI score0.00484EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/13 12:0 a.m.3 views

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from a specially crafted git URL that could trigger the master process to execute arbitrary commands...

6.7CVSS7.1AI score0.00157EPSS
Exploits0References3
Rows per page
Query Builder