curl: Internal application wrapper or script using curl

While -guid is not a standard or documented curl command, a Command Injection or Argument Injection vulnerability within a specific application that wraps curl. Security Analysis: curl -guid -url example.com 1. Status of the "-guid" FlagUndocumented/Non-existent: The official curl binary does not...

CVE-2021-32638

Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...

PT-2020-15478 · Jenkins · Jenkins Blue Ocean Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Blue Ocean Plugin versions 1.23.2 and earlier Description: The issue concerns an undocumented feature flag that allows an attacker with specific permissions to read arbitrary files on the Jenkins controller file system. The flag...