github-workflows 安全漏洞

github-workflows is a shared reusable workflow for GitHub Actions for Kartverket individual developers. A security vulnerability exists in github-workflows that stems from a directory traversal in the downloadworkflow function in apiserver.py...

CVE-2022-39326

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

Code injection

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

CVE-2022-39326

CVE-2022-39326 affects the kartverket/github-workflows repository's run-terraform reusable workflow. Before version 2.7.5, a malicious pull request could inject code that executes arbitrary JavaScript in the workflow context. Impact is described as code execution within the GitHub Actions workflo...

GHSA-F9QJ-7GH3-MHJ4 run-terraform allows for RCE via terraform plan

Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...

PT-2022-24901 · Github · Kartverket/Github-Workflows

Name of the Vulnerable Software and Affected Versions: kartverket/github-workflows versions prior to 2.7.5 Description: The issue is a code injection vulnerability that affects all users of the run-terraform reusable workflow from the kartverket/github-workflows repo. A malicious actor could...