Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reject unauthorized access with GitHub PATs
Vulnerability Description
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
授权机制不恰当
Vulnerability Title
Github Vela 授权问题漏洞
Vulnerability Description
Github Vela是美国Github公司的一个应用程序。提供一个自动化框架。 Vela 0.7.5 存在授权问题漏洞,该漏洞源于身份验证机制使一些恶意用户能够利用注入到文件中的凭证获取秘密。
CVSS Information
N/A
Vulnerability Type
N/A