Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Buildkite Elastic CI Stack for AWS 安全漏洞
Vulnerability Description
Buildkite Elastic CI Stack for AWS是Buildkite公司的一个应用软件,可以提供私有、自动扩展的 Buildkite Agent集群。 Buildkite Elastic CI Stack for AWS 6.7.1之前版本、5.22.5 之前版本存在安全漏洞,该漏洞源于引入了 TOCTOU 竞争条件,允许攻击者绕过检查,导致权限升级。
CVSS Information
N/A
Vulnerability Type
N/A