
1352 matches found

OSV
added 2024/03/15 8:05 p.m., 14 views

GHSA-7V38-W32M-WX4M Types for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

CVSS 7.7 | AI score 7.3
Exploits 0 | References 3

Github Security Blog
added 2024/03/15 8:05 p.m., 12 views

Types for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

AI score 7.3
Exploits 0 | References 3 | Affected Software 1

Github Security Blog
added 2024/03/14 9:17 p.m., 23 views

Insecure Variable Substitution in Vela

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

CVSS 7.7 | AI score 7.3 | EPSS 0.00235
Exploits 0 | References 4 | Affected Software 1

Prion
added 2024/03/12 9:15 p.m., 22 views

Input validation

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

CVSS 4.0 | AI score 7.8 | EPSS 0.00235
Exploits 0 | References 2

OSV
added 2024/03/12 8:41 p.m., 18 views

CVE-2024-28236 Insecure Variable Substitution in Vela

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...

CVSS 7.7 | AI score 7.5 | EPSS 0.00235
Exploits 0 | References 4

OSV
added 2024/03/06 10:51 a.m., 22 views

BIT-COSIGN-2022-36056 Vulnerabilities with blob verification in sigstore cosign

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

CVSS 5.5 | AI score 6.1 | EPSS 0.00018
Exploits 1 | References 3

Prion
added 2024/02/14 8:15 p.m., 12 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...

CVSS 5.5 | AI score 7.1 | EPSS 0.00082
Exploits 0 | References 3

Cvelist
added 2024/02/14 8:04 p.m., 15 views

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...

CVSS 7.1 | AI score 7.1 | EPSS 0.00082
Exploits 0 | References 3

Vulnrichment
added 2024/02/14 8:04 p.m., 13 views

CVE-2024-1482 Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access...

CVSS 7.1 | AI score 6.8 | EPSS 0.00082
Exploits 0 | References 3

Kitploit
added 2024/02/04 11:30 a.m., 25 views

Argus - A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions

This repo contains the code for our USENIX Security '23 paper "ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions". Argus is a comprehensive security analysis tool specifically designed for GitHub Actions. Built with an aim to enhance the security of CI/CD...

AI score 7.8
Exploits 0 | References 2

The Hacker News
added 2024/01/18 12:34 p.m., 31 views

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

AI score 8.9
Exploits 0

OSSF Malicious Packages
added 2024/01/11 4:54 a.m., 2 views

Malicious code in gh-action-send-event (npm)

Source: ghsa-malware b4f6d4e13a5a1a14537f878bfa2d4490b5606649326d77d4b88e205a010f124b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

OSV
added 2023/12/29 5:08 p.m., 31 views

CVE-2023-52137 GitHub Action tj-actions/verify-changed-files is vulnerable to command injection in output filenames

The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verify-changed-files workflow returns the list of files changed within a workflow execution. This could potentially allow...

CVSS 7.7 | AI score 8.9 | EPSS 0.00621
Exploits 1 | References 5

CVE
added 2023/12/29 5:08 p.m., 55 views

CVE-2023-52137

CVE-2023-52137 affects the tj-actions/verify-changed-files GitHub Action. The vulnerability allows command injection through changed filenames returned by the verify-changed-files workflow, potentially enabling arbitrary code execution on the GitHub Runner and secret leakage when outputs are used...

CVSS 8.8 | AI score 8.6 | EPSS 0.00621
Exploits 1 | References 3 | Affected Software 1

Positive Technologies
added 2023/12/29 12:00 a.m., 2 views

PT-2023-31929

Name of the Vulnerable Software and Affected Versions: tj-actions/verify-changed-files versions prior to 17. Description: The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The...

CVSS 8.8 | AI score 7.7 | EPSS 0.00621
Exploits 1 | References 14

vulnersOsv
added 2023/12/09 3:30 a.m., 2 views

com.github.t1:wunderbar.demo.product (>=2.4.8 <=2.4.9), io.quarkiverse.githubaction:quarkus-github-action (>=0.9.1 <=0.9.2) +19 more potentially affected by CVE-2023-6394 via io.quarkus:quarkus-smallrye-graphql-client (>=2.0.0.Alpha3 <=2.13.8.Final)

io.quarkus:quarkus-smallrye-graphql-client (MAVEN) version =2.0.0.Alpha3, =2.4.8, =0.9.1, =0.9.1, =0.9.1, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =2.0.0, =2.0.0.Alpha3, =2.13.8.Final and more. Source cves: CVE-2023-6394...

CVSS 9.1 | AI score 7.1 | EPSS 0.00537
Exploits 0

Github Security Blog
added 2023/12/05 11:30 p.m., 26 views

tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection

Summary: The tj-actions/branch-names GitHub Actions references the github.event.pull_request.head.ref and github.head_ref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name...

CVSS 9.8 | AI score 9.5 | EPSS 0.01127
Exploits 1 | References 7 | Affected Software 1

OSV
added 2023/12/05 11:30 p.m., 16 views

GHSA-8V8W-V8XG-79RF tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection

Summary: The tj-actions/branch-names GitHub Actions references the github.event.pull_request.head.ref and github.head_ref context variables within a GitHub Actions run step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name...

CVSS 9.3 | AI score 9.7 | EPSS 0.01127
Exploits 1 | References 7

NVD
added 2023/12/05 12:15 a.m., 10 views

CVE-2023-49291

tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The tj-actions/branch-names GitHub Actions improperly references the github.event.pull_request.head.ref and github.head_ref context variables within a GitHub Actions run step. The head ref variab...

CVSS 9.8 | EPSS 0.01127
Exploits 1 | References 5

MSRC
added 2023/11/14 8:00 a.m., 21 views

Microsoft guidance regarding credentials leaked to GitHub Actions Logs through Azure CLI

Summary: The Microsoft Security Response Center (MSRC) was made aware of a vulnerability where Azure Command-Line Interface (CLI) could expose sensitive information, including credentials, through GitHub Actions logs. The researcher, from Palo Alto Networks Prisma Cloud, found that Azure CLI commands...

AI score 7.3
Exploits 0