1360 matches found
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping
GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...
GitHub Actions Runner 操作系统命令注入漏洞
GitHub Actions Runner is an application that runs jobs from a GitHub Actions workflow. A security vulnerability exists in GitHub Actions Runner that stems from the presence of a logic error that allows input to escape an environment variable and directly modify that docker command call, Jobs that...
CVE-2022-39326
CVE-2022-39326 affects the kartverket/github-workflows repository's run-terraform reusable workflow. Before version 2.7.5, a malicious pull request could inject code that executes arbitrary JavaScript in the workflow context. Impact is described as code execution within the GitHub Actions workflo...
CVE-2022-39321
The CVE-2022-39321 vulnerability affects GitHub Actions Runner: a logic bug in how the environment is encoded into docker invocations allowed input to escape environment variables and modify docker commands. Affected versions prior to patch are 2.296.2, 2.293.1, 2.289.4, 2.285.2, and 2.283.4. Pat...
PT-2022-24898 · Github · Github Actions Runner
Name of the Vulnerable Software and Affected Versions: GitHub Actions Runner versions prior to 2.296.2 GitHub Actions Runner versions prior to 2.293.1 GitHub Actions Runner versions prior to 2.289.4 GitHub Actions Runner versions prior to 2.285.2 GitHub Actions Runner versions prior to 2.283.4...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3486-1 advisory. - Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versio...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
Design/Logic Flaw
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
nuclei-templates
This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are stored in the...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
Design/Logic Flaw
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...