
1705 matches found

CVE
added 2023/08/30 10:33 p.m. · 48 views

CVE-2023-23765

CVE-2023-23765 concerns GitHub Enterprise Server. The issue is an incorrect comparison vulnerability that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. The exploitation condition requires the attacker to have write access to the affected repository. The avai...

6.5 CVSS · 5.3 AI score · 0.00485 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/08/30 12:0 a.m. · 9 views

PT-2023-19190 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server (affected versions not specified). Description: An incorrect comparison issue was identified that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this, an attacker needs...

6.5 CVSS · 6.3 AI score · 0.00485 EPSS
Exploits 0 · References 7
CNNVD
added 2023/08/30 12:0 a.m. · 21 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from allowing commit...

6.5 CVSS · 6.3 AI score · 0.00485 EPSS
Exploits 0 · References 5
Prion
added 2023/08/28 8:15 p.m. · 20 views

Design/Logic Flaw

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

5 CVSS · 5.1 AI score · 0.00324 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/08/28 7:47 p.m. · 41 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4 CVSS · 5.4 AI score · 0.00324 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/08/28 7:47 p.m. · 9 views

CVE-2023-39348 Improper log output when using GitHub Status Notifications in spinnaker

Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log...

4 CVSS · 6.7 AI score · 0.00324 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/08/24 12:0 a.m. · 2 views

PT-2023-23589

Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5. Description: An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by...

7.5 CVSS · 7 AI score · 0.00561 EPSS
Exploits 0 · References 11
CNNVD
added 2023/08/15 12:0 a.m. · 4 views

Contributor License Agreement assistant Security Vulnerabilities

Contributor License Agreement assistant (CLA assistant) is a JavaScript-based contributor agreement management software from the cla-assistant team that integrates with GitHub. The software provides the ability to ask contributors to sign a CLA when they pull code. The Contributor License Agreement...

8.1 CVSS · 6.8 AI score · 0.00392 EPSS
Exploits 0 · References 2
Nextcloud
added 2023/08/10 7:19 a.m. · 46 views

Existence of calendars and addressbooks can be checked by unauthenticated users

None...

5.3 CVSS · 5.4 AI score · 0.00488 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2023/08/06 2:34 p.m. · 24 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because the pull mirror credentials are exposed to the maintainers since they are stored in the plain-text...

6.8 CVSS · 6.7 AI score · 0.01035 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2023/08/01 12:0 a.m. · 3 views

The vulnerability of the extension for the Microsoft Visual Studio Code editor allows a hacker to execute arbitrary code.

The vulnerability of the editor extension for Microsoft Visual Studio Code’s GitHub Pull Requests and Issues extension is related to errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

7.8 CVSS · 7.8 AI score · 0.0062 EPSS
Exploits 0 · References 3
OSV
added 2023/07/27 9:15 p.m. · 1 views

CVE-2023-23764

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

7.1 CVSS · 5.8 AI score · 0.00469 EPSS
Exploits 0 · References 3
Prion
added 2023/07/27 9:15 p.m. · 16 views

Spoofing

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

5.5 CVSS · 6.9 AI score · 0.00469 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/07/27 8:45 p.m. · 15 views

CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

4.8 CVSS · 6.7 AI score · 0.00469 EPSS
Exploits 0 · References 3
Cvelist
added 2023/07/27 8:45 p.m. · 32 views

CVE-2023-23764 Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server...

4.8 CVSS · 7.1 AI score · 0.00469 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/07/25 7:9 a.m. · 18 views

CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

7.5 AI score · 0.01323 EPSS
Exploits 0 · References 3
Vulnrichment
added 2023/07/25 7:8 a.m. · 17 views

CVE-2023-34189 Apache InLong: General user can delete and update process

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to...

6.7 AI score · 0.00933 EPSS
Exploits 0 · References 2
Code423n4
added 2023/07/13 12:0 a.m. · 5 views

Admin user has an absolute power to withdraw all contract balance, which may raise red flags for investors

Lines of code · Vulnerability details · Impact: Having rug-pull related code is always considered a red flag for new investors. An admin, who's a single point of failure, has access to the withdraw function, which allows withdrawing the whole contract balance. Even if the owner is genuine the rug pull...

7.2 AI score
Exploits 0
OSV
added 2023/07/11 6:15 p.m. · 4 views

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

7.8 CVSS · 7.4 AI score · 0.0062 EPSS
Exploits 0 · References 1
NVD
added 2023/07/11 6:15 p.m. · 17 views

CVE-2023-36867

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

7.8 CVSS · 7.9 AI score · 0.0062 EPSS
Exploits 0 · References 1