
1351 matches found

OSV
added 2022/11/23 6:15 p.m. · 1 view

CVE-2022-23740

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This...

CVSS 8.8 · AI score 6 · EPSS 0.02923
Exploits 0 · References 1
Prion
added 2022/11/23 6:15 p.m. · 13 views

Design/Logic Flaw

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This...

CVSS 6.5 · AI score 9 · EPSS 0.02923
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/11/23 12:0 a.m. · 19 views

CVE-2022-23740 Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution

CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This...

AI score 9.2 · EPSS 0.02923
Exploits 0 · References 1
Positive Technologies
added 2022/11/23 12:0 a.m. · 2 views

PT-2022-16243 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server version 3.7.0
Description: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an...

CVSS 8.8 · AI score 8 · EPSS 0.02923
Exploits 0 · References 7
OSV
added 2022/10/25 7:54 p.m. · 23 views

GHSA-2C6M-6GQH-6QG3 Docker Command Escaping in the GitHub Actions Runner

Impact: The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

CVSS 8.8 · AI score 9.5 · EPSS 0.0095
Exploits 0 · References 5
Github Security Blog
added 2022/10/25 7:54 p.m. · 31 views

Docker Command Escaping in the GitHub Actions Runner

Impact: The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands was discovered that allows an input to escape the environment variable and modify th...

CVSS 9.9 · AI score 9.3 · EPSS 0.0095
Exploits 0 · References 5 · Affected Software 1
NVD
added 2022/10/25 5:15 p.m. · 7 views

CVE-2022-39326

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVSS 8.8 · EPSS 0.01133
Exploits 0 · References 3
NVD
added 2022/10/25 5:15 p.m. · 11 views

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 9.9 · EPSS 0.0095
Exploits 0 · References 3
Prion
added 2022/10/25 5:15 p.m. · 20 views

Command injection

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 6.5 · AI score 9.6 · EPSS 0.0095
Exploits 0 · References 3 · Affected Software 1
Prion
added 2022/10/25 5:15 p.m. · 14 views

Code injection

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVSS 6.5 · AI score 8.7 · EPSS 0.01133
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/10/25 12:0 a.m. · 11 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVSS 8.8 · AI score 8.6 · EPSS 0.01133
Exploits 0 · References 5
OSV
added 2022/10/25 12:0 a.m. · 16 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 8.8 · AI score 9.1 · EPSS 0.0095
Exploits 0 · References 5
Vulnrichment
added 2022/10/25 12:0 a.m. · 8 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 8.8 · AI score 9.7 · EPSS 0.0095
Exploits 0 · References 3
Cvelist
added 2022/10/25 12:0 a.m. · 15 views

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

CVSS 8.8 · AI score 10 · EPSS 0.0095
Exploits 0 · References 3
CVE
added 2022/10/25 12:0 a.m. · 73 views

CVE-2022-39321

The CVE-2022-39321 vulnerability affects GitHub Actions Runner: a logic bug in how the environment is encoded into docker invocations allowed input to escape environment variables and modify docker commands. Affected versions prior to patch are 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. Pat...

CVSS 9.9 · AI score 9.5 · EPSS 0.0095
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/10/25 12:0 a.m. · 56 views

CVE-2022-39326

CVE-2022-39326 affects the kartverket/github-workflows repository's run-terraform reusable workflow. Before version 2.7.5, a malicious pull request could inject code that executes arbitrary JavaScript in the workflow context. Impact is described as code execution within the GitHub Actions workflo...

CVSS 8.8 · AI score 8.8 · EPSS 0.01133
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/10/25 12:0 a.m. · 2 views

GitHub Actions Runner OS Command Injection Vulnerability

GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from the presence of a logic error that allows input to escape an environment variable and directly modify that docker command call. Jobs that...

CVSS 9.9 · AI score 8.1 · EPSS 0.0095
Exploits 0 · References 4
Positive Technologies
added 2022/10/25 12:0 a.m. · 3 views

PT-2022-24898 · Github · Github Actions Runner

Name of the Vulnerable Software and Affected Versions: GitHub Actions Runner versions prior to 2.296.2; GitHub Actions Runner versions prior to 2.293.1; GitHub Actions Runner versions prior to 2.289.4; GitHub Actions Runner versions prior to 2.285.2; GitHub Actions Runner versions prior to 2.283.4...

CVSS 9.9 · AI score 9.6 · EPSS 0.0095
Exploits 0 · References 7
Cvelist
added 2022/10/25 12:0 a.m. · 15 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVSS 8.8 · AI score 9 · EPSS 0.01133
Exploits 0 · References 3
Tenable Nessus
added 2022/10/02 12:0 a.m. · 26 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3486-1 advisory. - Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versio...

CVSS 5.5 · AI score 5.7 · EPSS 0.00018
Exploits 1 · References 4