2 matches found
Insecure Variable Substitution
github.com/go-vela/server is vulnerable to Insecure Variable Substitution. This vulnerability is due to the use of variable substitution combined with insensitive fields such as parameters, image, and entrypoint in Vela pipelines. The vulnerability allows an attacker to bypass log masking and...
PT-2024-22351 · Vela · Vela
Name of the Vulnerable Software and Affected Versions: Vela versions prior to 0.23.2 Description: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image, and entrypoint to inject secrets into a plugin/image and bypass log masking, exposing secrets...