PT-2023-28585 · Unknown · Automataci

Corygalyna

Publicado

2023-09-22

Atualizado

2023-09-26

CVE-2023-42798

CVSS v3.1

8.2

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions AutomataCI versions 1.4.1 and below

Description An issue in AutomataCI can let a release job reset the git root repository to the first commit. This is a concern for versions prior to 1.5.0. To mitigate this, ensure the PROJECT PATH RELEASE directory is manually and properly git cloned, making it a separate repository from the root.

Recommendations For versions 1.4.1 and below, update to version 1.5.0 to resolve the issue. As a temporary workaround, consider manually and properly git cloning the PROJECT PATH RELEASE directory to make it a different git repository from the root git repository.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2023-42798

GHSA-6Q23-VHHG-8H89

Produtos afetados

Automataci

PT-2023-28585 · Unknown · Automataci

CVE-2023-42798

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8