13 matches found
EUVD-2023-1065
Malicious code in bioql PyPI...
CVE-2023-23939
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
GHSA-P756-RFXH-X63H Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Impact This vulnerability only impacts versions v2 and lower. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs fs.chmodSynckubectlPath, 777 to set...
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Impact This vulnerability only impacts versions v2 and lower. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs fs.chmodSynckubectlPath, 777 to set...
CVE-2023-23939
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
Privilege escalation
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939 Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939 Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
CVE-2023-23939
CVE-2023-23939 concerns the Azure/setup-kubectl GitHub Action (Kubectl installer). Affected versions prior to 3.0 suffer from insecure temporary file creation that makes the Kubectl binary world-writable, allowing any local actor on the Actions runner to replace it. The installer uses fs.chmodSyn...
Azure setup-kubectl 安全漏洞
setup-kubectl is a tool to install kubectl in Azure cloud. A security vulnerability exists in Azure setup-kubectl versions prior to 3.0. An attacker can escalate privileges by exploiting the vulnerability...
PT-2023-19310 · Microsoft · Azure/Setup-Kubectl
Name of the Vulnerable Software and Affected Versions: Azure/setup-kubectl versions prior to 3 Description: The issue arises from an insecure temporary creation of a file, allowing other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable...
Malicious code in setup-kubectl-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d762845821324e1b8cd4eef7102615a636294d5d6f635c8f754d7ed87077f28e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6039 Malicious code in setup-kubectl-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d762845821324e1b8cd4eef7102615a636294d5d6f635c8f754d7ed87077f28e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...