Lucene search
K

6 matches found

UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.7 views

CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

4.9CVSS5.8AI score0.00198EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:16 p.m.8 views

UBUNTU-CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

4.9CVSS5.8AI score0.00198EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 5:34 p.m.36 views

CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

4.9CVSS0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 3:34 a.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the RSL policy validation. An attacker can revert the system to a previous trusted state by creating a new Reference State Log entry that references an older policy, provided it i...

6CVSS5.8AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 3:34 a.m.5 views

GHSA-VXVC-CG7J-RWQJ gittuf's policy can be rolled back to prior valid versions

Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...

6CVSS5.7AI score0.00198EPSS
Exploits0References4
OSV
OSV
added 2024/12/02 5:15 p.m.2 views

GHSA-4CX5-89VM-833X veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability

Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standa...

2.3CVSS6.4AI score0.01063EPSS
Exploits0References4
Rows per page
Query Builder