33 matches found
CVE-2024-37051
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...
CVE-2024-37051
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5,...
JetBrains Multiple IDE Security Vulnerabilities
JetBrains IntelliJ IDEA and others are products of the Czech company JetBrains.JetBrains IntelliJ IDEA is a set of integrated development environments IDEs for the Java language.JetBrains PyCharm is an integrated development environment IDE for the Python language. JetBrains PhpStorm is a softwar...
CVE-2023-39438 Missing Authorization check allows certain operations on CLA Assistant data
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...
CVE-2021-32638
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...
CVE-2021-32638
CVE-2021-32638 concerns Github CodeQL runner/CodeQL Action used in non-GitHub CI environments, where a GitHub access token supplied via the --github-auth flag could be exposed to other processes through system output (e.g., ps). The issue is resolved by deprecating --github-auth and using secure ...
CVE-2021-29642
GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens...
CVE-2021-29642
GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens...
CVE-2021-25774
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user...
CVE-2021-25774
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user...
TheCl0n3r - Tool To Download And Manage Your Git Repositories
TheCl0n3r will allow you to download and manage your git repositories. Preface About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing...
CVE-2017-1000110
Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when...
Algolia: An “algobot”-s GitHub access token was leaked
An access token of algobot account was first leaked 2015-12-02 in this Travis CI job log of instantsearch.js project due to incorrect handling of output from command git clone or a ghpages module to be more specific. Since then, the configuration of that project seems to have been changed not to...