12 matches found
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
EUVD-2025-203763
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CVE-2025-68267
CVE-2025-68267 affects JetBrains TeamCity versions prior to 2025.11.1. Root cause: TeamCity stored a GitHub personal access token instead of an installation token, enabling excessive privileges. Documented impact in connected Nessus advisory (multiple vulnerabilities for pre-2025.11.1). Remediati...
CVE-2025-68267
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
PT-2025-51718
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token...
CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token
Exploit Title: CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Date: 30/11/2022 Exploit Author: Walter Oberacher, Raffaele Nacca, Davide Bianchin, Fortunato Lodari, Luca Bernardi Deda Cloud Cybersecurity Team Vendor Homepage: https://www.crowdstrike.com/ Author Homepage...
CVE-2022-39304 ghinstallation returns app JWT in error responses
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
Information Disclosure
github.com/bradleyfalzon/ghinstallation is vulnerable to information disclosure. The vulnerability exists in the refreshToken function of transport.go: when the request to refresh an installation token fails, it allows an attacker to gain sensitive information through the error message...
ghinstallation security vulnerability
ghinstallation is a library for Bradley Falzon Personal Developers. Authentication is performed as an installation workflow. A security vulnerability exists in ghinstallation versions prior to 2.0.0, which stems from a short-lived token that returns an HTTP request and response for debugging when...