Git credentials are exposed in Atlantis logs
Summary: Atlantis logs contain GitHub credentials (tokens `ghs...`) when they are rotated. Thi...
PT-2024-35093 · Atlantis · Atlantis
Name of the Vulnerable Software and Affected Versions: Atlantis versions prior to 0.30.0. Description: The issue concerns the exposure of GitHub credentials in Atlantis logs, specifically tokens starting with ghs..., when they are rotated. This allows an attacker who can read these logs to...
Atlantis Log Information Disclosure Vulnerability
Atlantis is a self-hosted Go application from the open-source Atlantis project. It listens for Terraform pull request events via webhook. Atlantis has a log information disclosure vulnerability that stems from Atlantis logs containing GitHub credentials during rotation. An attacker who could read thes...
HTTP SickRage Password Leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SickRage Password Leak', 'Description' = %q SickRage 'Sven Fassbender', EDB POC 'Shelby Pace' Metasploit Module , 'License' = MSFLICENSE,...
PT-2024-13679 · Github · Github
Name of the Vulnerable Software and Affected Versions: Kiuwan SAST: versions prior to the fixed version; Kiuwan Local Analyzer (KLA): affected versions not specified. Description: The Kiuwan Local Analyzer (KLA) Java scanning application contains several hard-coded secrets in plain text format,...
jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
Cross-site Request Forgery
blueocean is vulnerable to Cross-site Request Forgery. The vulnerability is due to a lack of requiring POST requests for an HTTP endpoint in GithubScm.java, which allows an attacker to view GitHub credentials...
CVE-2023-40341
A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
CVE-2023-40341
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job...
Jenkins Plugin Blue Ocean Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is a software application, an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A cross-site request...
SUSE CVE-2018-1000143
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
SUSE CVE-2018-1000142
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials...
Ethical Hackers Breach U.N., Access 100,000 Private Records
Security researchers successfully hacked the United Nations, accessing user credentials and personally identifiable information (PII), including more than 100,000 private employee and project records, before informing the U.N. about the problem through the organization's vulnerability disclosure...
Shhgit - Find GitHub Secrets In Real Time
Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. NEW: LIVE VERSION. Find GitHub secrets straight from your browser! Finding secrets in GitHub is nothing new. There are many great tools available to help with...
grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file
Versions of grunt-gh-pages prior to 0.10.0 are affected by a vulnerability which may cause unencrypted GitHub credentials to be written to a log file in certain circumstances. In the grunt-gh-pages deployment scenario where authentication is performed by injecting a GitHub token directly into the...
HTTP SickRage Password Leak
SickRage 'HTTP SickRage Password Leak', 'Description' = %q SickRage 'Sven Fassbender', EDB POC 'Shelby Pace' Metasploit Module , 'License' = MSFLICENSE, 'References' = 'CVE', '2018-9160', 'EDB', '44545' , 'DisclosureDate' = '2018-03-08' registeroptions OptString.new'TARGETURI', true, 'Optional pa...