PT-2023-28585 · Unknown · Automataci
Corygalyna
·
Published
2023-09-22
·
Updated
2023-09-26
·
CVE-2023-42798
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AutomataCI versions 1.4.1 and below
Description
An issue in AutomataCI can let a release job reset the git root repository to the first commit. This is a concern for versions prior to 1.5.0. To mitigate this, ensure the
PROJECT PATH RELEASE directory is manually and properly git cloned, making it a separate repository from the root.Recommendations
For versions 1.4.1 and below, update to version 1.5.0 to resolve the issue.
As a temporary workaround, consider manually and properly
git cloning the PROJECT PATH RELEASE directory to make it a different git repository from the root git repository.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Automataci