5 matches found
CVE-2022-39326
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
Code injection
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
GHSA-F9QJ-7GH3-MHJ4 run-terraform allows for RCE via terraform plan
Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...