Lucene search
K

9 matches found

CISA
CISA
added 2025/03/26 12:0 p.m.4 views

Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)

A popular third-party GitHub Action, tj-actions/changed-files tracked as CVE-2025-30066link is external, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...

8.6CVSS7.1AI score0.41008EPSS
Exploits3References13
CISA
CISA
added 2025/03/24 12:0 p.m.4 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30154link is external reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for...

8.6CVSS7.5AI score0.02296EPSS
In wildExploits2References6
RedhatCVE
RedhatCVE
added 2025/03/21 3:19 p.m.9 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS7.4AI score0.02296EPSS
Exploits2References1
NVD
NVD
added 2025/03/19 4:15 p.m.15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS0.02296EPSS
Exploits2References6
Cvelist
Cvelist
added 2025/03/19 3:15 p.m.28 views

CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS0.02296EPSS
Exploits2References5
CVE
CVE
added 2025/03/19 3:15 p.m.306 views

CVE-2025-30154

CVE-2025-30154 involves the GitHub Action reviewdog/action-setup@v1, which was compromised on 2025-03-11 (18:42–20:31 UTC). The malicious code dumps exposed secrets to GitHub Actions workflow logs. Related reviewdog actions that rely on action-setup@v1 (including action-shellcheck, action-composi...

8.6CVSS8.7AI score0.02296EPSS
In wildExploits2References6Affected Software6
OSV
OSV
added 2025/03/19 3:15 p.m.10 views

CVE-2025-30154 Multiple Reviewdog actions were compromised during a specific time period

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS8.5AI score0.02296EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2025/03/19 12:0 a.m.15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

8.6CVSS7.4AI score0.02296EPSS
In wildExploits2References6
Wiz blog
Wiz blog
added 2025/03/17 9:28 p.m.34 views

New GitHub Action supply chain attack: reviewdog/action-setup

A supply chain attack on tj-actions/changed-files caused many repositories to leak their secrets over the weekend. Wiz Research has discovered an additional supply chain attack on reviewdog/actions-setup@v1, that may have contributed to the compromise of tj-actions/changed-files...

5.9AI score
Exploits0
Rows per page
Query Builder