Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-1011

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.01026EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2023/03/09 12:15 a.m.43 views

CVE-2023-26054

A flaw was found in the moby buildkit. When a build is performed under specific conditions where credentials were passed to BuildKit, it may be visible to everyone with access to provenance attestation...

6.5CVSS6.2AI score0.01026EPSS
Exploits1References4
OSV
OSV
added 2023/03/07 8:9 p.m.43 views

GHSA-GC89-7GCR-JXQC Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS7AI score0.01026EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/03/07 8:9 p.m.32 views

Buildkit credentials inlined to Git URLs could end up in provenance attestation

When the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1 Invoking build directly from a URL...

6.5CVSS6.1AI score0.01026EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/03/06 7:15 p.m.25 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.8AI score0.01026EPSS
Exploits1References5
Prion
Prion
added 2023/03/06 7:15 p.m.19 views

Race condition

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

4.3CVSS6.5AI score0.01026EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/06 7:15 p.m.27 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.7AI score0.01026EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/03/06 6:5 p.m.7 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.4AI score0.01026EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/03/06 6:5 p.m.43 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.5AI score0.01026EPSS
Exploits1References5
OSV
OSV
added 2023/03/06 6:5 p.m.23 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS6.3AI score0.01026EPSS
Exploits1References7
CVE
CVE
added 2023/03/06 6:5 p.m.220 views

CVE-2023-26054

BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...

6.5CVSS6.6AI score0.01026EPSS
Exploits1References5Affected Software1
AlpineLinux
AlpineLinux
added 2023/03/06 6:5 p.m.56 views

CVE-2023-26054

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5CVSS7.4AI score0.01026EPSS
Exploits1
Rows per page
Query Builder