5 matches found
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
Summary A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and...
GHSA-MRRH-FWG8-R2C3 tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
Summary A supply chain attack compromised the tj-actions/changed-files GitHub Action, impacting over 23,000 repositories. Attackers retroactively modified multiple version tags to reference a malicious commit, exposing CI/CD secrets in workflow logs. The vulnerability existed between March 14 and...
CVE-2025-30066
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...
PT-2021-24207 · Htcondor · Htcondor
Name of the Vulnerable Software and Affected Versions: HTCondor versions prior to 8.8.15 HTCondor versions 9.0.x prior to 9.0.4 HTCondor versions 9.1.x prior to 9.1.2 Description: An issue was discovered in HTCondor that allows a user with only READ access to an HTCondor SchedD or Collector daemo...
envoy: Incorrect Access Control when using SDS with Combined Validation Context
An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...