Lucene search
K

19 matches found

nvd
nvd
added 2026/04/30 10:16 p.m.5 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
euvd
euvd
added 2026/04/30 9:29 p.m.5 views

EUVD-2026-26451

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3
cvelist
cvelist
added 2026/04/30 9:29 p.m.34 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
snyk
snyk
added 2026/02/06 6:52 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade gogs.io/gogs/internal/database to...

7.1CVSS5.5AI score0.00282EPSS
Exploits0References2
snyk
snyk
added 2026/02/06 6:52 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade...

7.1CVSS5.5AI score0.00282EPSS
Exploits0References2
snyk
snyk
added 2026/02/06 6:52 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the PutContents function accessible via the /repos/:owner/:repo/contents/ endpoint. A user with read permissions can modify repository contents via git push. Remediation Upgrade...

7.1CVSS5.5AI score0.00282EPSS
Exploits0References2
osv
osv
added 2026/02/06 5:43 p.m.4 views

CVE-2026-23632 Gogs user can update repository content with read-only permission

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/" does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile,...

6.5CVSS5.6AI score0.00282EPSS
Exploits0References3
cve
cve
added 2026/02/06 5:43 p.m.24 views

CVE-2026-23632

CVE-2026-23632 (Gogs) : A bug in Gogs prior to 0.13.4 allows a token with read permission to modify repository contents via the PUT /repos/:owner/:repo/contents/* endpoint. After repoAssignment() passes, PutContents() calls UpdateRepoFile(), leading to commit creation and git push, enabling unaut...

6.5CVSS5.6AI score0.00282EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/02/06 12:0 a.m.5 views

PT-2026-6852

Vulnerability Description The endpoint PUT /repos/:owner/:repo/contents/ does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile, which results in: Commit creation Execution of git pu...

6.5CVSS6AI score0.00282EPSS
Exploits0References6
cnnvd
cnnvd
added 2023/12/01 12:0 a.m.5 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that und...

7.5CVSS6.9AI score0.00546EPSS
Exploits0References3
redhat
redhat
added 2023/01/12 4:49 p.m.7 views

plugin: Mercurial SCM plugin can check out from the controller file system

A flaw was found in the Jenkins plugin. Affected versions of the Jenkins Mercurial Plugin allow attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system. This is accomplished by using local paths as SCM URLs, obtaining limited...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References5
cnnvd
cnnvd
added 2022/08/31 12:0 a.m.5 views

多款 GitLab 产品 安全漏洞

GitLab is an open source end-to-end software development platform from GitLab Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab Community Edition CE and GitLab...

6.5CVSS6.9AI score0.00941EPSS
Exploits0References5
attackerkb
attackerkb
added 2022/05/17 3:15 p.m.3 views

CVE-2022-30948

Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents...

7.5CVSS7.1AI score0.01382EPSS
Exploits0References3
redhat
redhat
added 2022/03/29 7:5 a.m.5 views

workflow-cps-global-lib: OS command execution through crafted SCM contents

A flaw was found in Jenkins. The JenkinsPipeline: Shared Groovy Libraries uses the same checkout directories for distinct SCMs for Pipeline libraries. This flaw allows attackers with item/configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This...

8.8CVSS5.9AI score0.01443EPSS
Exploits0References4
redhat
redhat
added 2022/02/25 1:4 a.m.5 views

jenkins-2-plugins/docker-commons: does not sanitize the name of an image or a tag which could result in an OS command execution

An OS command execution vulnerability was found in the Jenkins Docker Commons plugin. Due to a lack of sanitization in the name of an image or a tag, an attacker with Item/Configure permission or the ability to control the contents of a previously configured job’s SCM repository may be able to...

8.8CVSS5.9AI score0.02277EPSS
Exploits0References5
nvd
nvd
added 2017/10/05 1:29 a.m.30 views

CVE-2017-1000106

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue...

8.5CVSS8.4AI score0.00758EPSS
Exploits0References1
prion
prion
added 2007/11/14 1:46 a.m.12 views

Design/Logic Flaw

USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors...

5CVSS7.1AI score0.01442EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2007/11/14 1:46 a.m.11 views

CVE-2007-5945

USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors...

5CVSS6.6AI score0.01442EPSS
Exploits0References6
cve
cve
added 2007/11/14 1:0 a.m.44 views

CVE-2007-5945

CVE-2007-5945 affects USVN prior to 0.6.5. The vulnerability allows remote attackers to obtain a list of repository contents via unspecified vectors, impacting confidentiality (partial). The available documents do not specify root cause details or a remediation/fix. Exploit specifics, affected co...

5CVSS6.6AI score0.01442EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder