4 matches found
GO-2022-0812 Reject unauthorized access with GitHub PATs in github.com/go-vela/server
Reject unauthorized access with GitHub PATs in github.com/go-vela/server...
Reject unauthorized access with GitHub PATs
Impact: What kind of vulnerability is it? Who is impacted? The additional auth mechanism added within https://github.com/go-vela/server/pull/246 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Steps to reproduce: 1. Create Vela server 2. Log...
CVE-2021-21432 Reject unauthorized access with GitHub PATs
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Refer to the referenced GitHub Security...
USN-2871-1 Linux kernel vulnerability | Cloud Foundry
USN-2871-1 Linux kernel vulnerability. High. Vendor: Ubuntu. Versions Affected: Ubuntu 14.04. Description: Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cau...