漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Reject unauthorized access with GitHub PATs
Vulnerability Description
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
Github Vela 授权问题漏洞
Vulnerability Description
Github Vela是美国Github公司的一个应用程序。提供一个自动化框架。 Vela 0.7.5 存在授权问题漏洞,该漏洞源于身份验证机制使一些恶意用户能够利用注入到文件中的凭证获取秘密。
CVSS Information
N/A
Vulnerability Type
N/A