12 matches found
CVE-2026-41010
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
CVE-2026-41010
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
CVE-2026-41010
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
CVE-2026-41010
The CVE describes a shell command-injection in BOSH Director during ReleaseJob#unpack: the code constructs a shell command using a name value taken verbatim from attacker-supplied release.MF and interpolates it into tar -C … -xf …, then executes via /bin/sh -c. Although the directory is created w...
PT-2026-46136
ReleaseJobunpack builds job dir = File.join@release dir, 'jobs', name and job tgz = File.join@release dir, 'jobs', "name.tgz" where name returns @job meta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then...
Cloud Foundry BOSH Director 安全漏洞
Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. All versions of Cloud Foundry BOSH Director, as well as previous versions, have security vulnerabilities. These vulnerabilities stem from the use of the na...
CVE-2023-42798
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECTPATHRELEA...
CVE-2023-42798
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECTPATHRELEA...
CVE-2023-42798 AutomataCI Release Job Can Revert Repo to First Commit
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECTPATHRELEA...
CVE-2023-42798
AutomataCI is exposed to a release-job issue in 1.4.1 and earlier where the release job can reset the repo root to the very first commit. A fix exists in version 1.5.0. The recommended workaround is to ensure the PROJECT_PATH_RELEASE (e.g., releases/) directory is manually and actually git-cloned...
CVE-2023-42798 AutomataCI Release Job Can Revert Repo to First Commit
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECTPATHRELEA...
AutomataCI Input Validation Error Vulnerability
AutomataCI is a template git repository by the individual developer HollowayKeanHo. An input validation error vulnerability exists in AutomataCI 1.4.1 and earlier versions, which stems from allowing the release job function to reset the git root repository...