Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/03/15 6:30 a.m.31 views

tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

Summary A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and...

8.6CVSS8.8AI score0.41008EPSS
Exploits2References25Affected Software1
OSV
OSV
added 2025/03/15 6:30 a.m.10 views

GHSA-MRRH-FWG8-R2C3 tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

Summary A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and...

8.6CVSS8.8AI score0.41008EPSS
Exploits2References25
NVD
NVD
added 2025/03/15 6:15 a.m.11 views

CVE-2025-30066

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...

8.6CVSS0.41008EPSS
Exploits2References21
Positive Technologies
Positive Technologies
added 2021/12/16 12:0 a.m.2 views

PT-2021-24207 · Htcondor · Htcondor

Name of the Vulnerable Software and Affected Versions: HTCondor versions prior to 8.8.15 HTCondor versions 9.0.x prior to 9.0.4 HTCondor versions 9.1.x prior to 9.1.2 Description: An issue was discovered in HTCondor that allows a user with only READ access to an HTCondor SchedD or Collector daemo...

8.1CVSS7.8AI score0.00938EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2020/03/05 7:1 p.m.5 views

envoy: Incorrect Access Control when using SDS with Combined Validation Context

An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...

5.3CVSS7.1AI score0.013EPSS
Exploits0References5
Rows per page
Query Builder