10 matches found

Cvelist
added 3 days ago, 30 views

CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS 6.5, EPSS 0.00227
Exploits 0, References 8
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-2897

Malicious code in bioql PyPI...

CVSS 9.1, AI score 6.5, EPSS 0.00519
Exploits 0, References 6
RedhatCVE
added 2024/09/19 1:17 p.m., 14 views

CVE-2024-8986

A flaw was found in grafana-plugin-sdk-go package. The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository UR...

CVSS 5.5, AI score 6.9, EPSS 0.00519
Exploits 0, References 4
Github Security Blog
added 2024/09/19 12:31 p.m., 31 views

Grafana plugin SDK Information Leakage

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1, AI score 7.3, EPSS 0.00519
Exploits 0, References 5, Affected Software 1
OSV
added 2024/09/19 12:31 p.m., 11 views

GHSA-XXXW-3J6H-Q7H6 Grafana plugin SDK Information Leakage

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1, AI score 6.2, EPSS 0.00519
Exploits 0, References 5
CVE
added 2024/09/19 10:57 a.m., 70 views

CVE-2024-8986

CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...

CVSS 9.1, AI score 6.8, EPSS 0.00519
Exploits 0, References 1
Cvelist
added 2024/09/19 10:57 a.m., 38 views

CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...

CVSS 9.1, EPSS 0.00519
Exploits 0, References 1
Tenable Nessus
added 2019/04/04 12:0 a.m., 166 views

Atlassian Fisheye for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability

According to its self-reported version, the installation of Atlassian Fisheye running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository U...

CVSS 7.2, AI score 7.7, EPSS 0.02203
Exploits 1, References 2
Prion
added 2018/03/29 1:29 p.m., 16 views

Design/Logic Flaw

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

CVSS 6.5, AI score 7.1, EPSS 0.02203
Exploits 1, References 5, Affected Software 2
Atlassian
added 2018/03/08 4:18 a.m., 43 views

Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224

Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...

CVSS 9, AI score 3.1, EPSS 0.02822
Exploits 1