
11 matches found

Microsoft CVE
added 2025/01/30 8:0 a.m. | 4 views

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli

...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00053
Exploits: 0

OSV
added 2024/12/02 8:6 p.m. | 26 views

GO-2024-3296 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00053
Exploits: 0 | References: 3

OSV
added 2024/11/27 10:15 p.m. | 1 views

AZL-53477 CVE-2024-53858 affecting package gh for versions less than 2.62.0-5

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00053
Exploits: 0 | References: 1

OSV
added 2024/11/27 10:15 p.m. | 4 views

AZL-53759 CVE-2024-53858 affecting package gh for versions less than 2.13.0-24

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00053
Exploits: 0 | References: 1

OSV
added 2024/11/27 10:15 p.m. | 1 views

UBUNTU-CVE-2024-53858

The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00053
Exploits: 0 | References: 5

CVE
added 2024/11/27 9:25 p.m. | 305 views

CVE-2024-53858

CVE-2024-53858 affects the gh CLI (GitHub CLI) and can leak authentication tokens when cloning repositories that contain git submodules hosted outside GitHub.com/ghe.com. The root cause is that certain gh commands (e.g., gh repo clone, gh repo fork, gh pr checkout) invoke git in a way that retrie...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00053
Exploits: 0 | References: 2

Positive Technologies
added 2024/11/27 12:0 a.m. | 2 views

PT-2024-35956

Name of the Vulnerable Software and Affected Versions: go-gh versions prior to 2.11.1 Description: A security issue has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens from...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.93667
Exploits: 15 | References: 45

CNNVD
added 2024/11/27 12:0 a.m. | 2 views

go-gh information disclosure vulnerability

go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. An information disclosure vulnerability exists in go-gh versions prior to 2.11.1, which stems from the possibility of disclosing authentication tokens used f...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.0008
Exploits: 0 | References: 2

OSV
added 2024/06/04 3:19 p.m. | 14 views

GO-2024-2863 wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl

wolfictl leaks GitHub tokens to remote non-GitHub git servers in github.com/wolfi-dev/wolfictl...

CVSS: 4.4 | AI score: 4.6 | EPSS: 0.00054
Exploits: 0 | References: 7

CNNVD
added 2024/05/15 12:0 a.m. | 1 views

wolfictl security vulnerability

wolfictl is an open source command line tool for use with Wolfi. A security vulnerability exists in wolfictl versions prior to 0.16.10, which stems from a GitHub token that could be leaked to a remote non-GitHub git server...

CVSS: 4.4 | AI score: 5 | EPSS: 0.00054
Exploits: 0 | References: 7

CVE
added 2021/05/25 5:10 p.m. | 62 views

CVE-2021-32638

CVE-2021-32638 concerns GitHub CodeQL runner/CodeQL Action used in non-GitHub CI environments, where a GitHub access token supplied via the --github-auth flag could be exposed to other processes through system output (e.g., ps). The issue is resolved by deprecating --github-auth and using secure ...

CVSS: 4.4 | AI score: 4.9 | EPSS: 0.00073
Exploits: 1 | References: 5 | Affected Software: 1