5 matches found
Exposure of server configuration in github.com/go-vela/server
Impact What kind of vulnerability is it? Who is impacted? The ability to expose configuration set in the Vela server via pipeline template functionality. It impacts all users of Vela. Sample of template exposing server configuration using Sprig's env function: yaml metadata: template: true steps:...
GHSA-GV2H-GF8M-R68J Exposure of server configuration in github.com/go-vela/server
Impact What kind of vulnerability is it? Who is impacted? The ability to expose configuration set in the Vela server via pipeline template functionality. It impacts all users of Vela. Sample of template exposing server configuration using Sprig's env function: yaml metadata: template: true steps:...
Information Disclosure
github.com/go-vela/compiler is vulnerable to information disclosure. An attacker is able to obtain server configuration information using Sprig's env function...
CVE-2020-26294
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...
Code injection
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...