Search criteria
3 vulnerabilities found for automataci by hollowaykeanho
FKIE_CVE-2023-42798
Vulnerability from fkie_nvd - Published: 2023-09-22 16:15 - Updated: 2024-11-21 08:23
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hollowaykeanho | automataci | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hollowaykeanho:automataci:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38ABEABE-2FD7-4B8C-B5B2-DDC892D2CE75",
"versionEndExcluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository."
},
{
"lang": "es",
"value": "AutomataCI es un repositorio de plantillas git equipado con herramientas de CI semiaut\u00f3nomas integradas nativas. Un problema en las versiones 1.4.1 y anteriores puede permitir que un trabajo de lanzamiento restablezca el repositorio ra\u00edz de git al primer commit. La versi\u00f3n 1.5.0 tiene un parche para este problema. Como workaround, aseg\u00farese de que el directorio `PROJECT_PATH_RELEASE` (por ejemplo, `releases/`) est\u00e9 manual y realmente `git clonado` correctamente, convirti\u00e9ndolo en un repositorio de git diferente del repositorio ra\u00edz de git."
}
],
"id": "CVE-2023-42798",
"lastModified": "2024-11-21T08:23:10.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-22T16:15:09.753",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-42798 (GCVE-0-2023-42798)
Vulnerability from cvelistv5 – Published: 2023-09-22 15:13 – Updated: 2024-09-24 14:29
VLAI?
Title
AutomataCI Release Job Can Revert Repo to First Commit
Summary
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.
Severity ?
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChewKeanHo | AutomataCI |
Affected:
< 1.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
},
{
"name": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:16:22.777469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:29:01.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AutomataCI",
"vendor": "ChewKeanHo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T15:13:48.283Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
},
{
"name": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
}
],
"source": {
"advisory": "GHSA-6q23-vhhg-8h89",
"discovery": "UNKNOWN"
},
"title": "AutomataCI Release Job Can Revert Repo to First Commit"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42798",
"datePublished": "2023-09-22T15:13:48.283Z",
"dateReserved": "2023-09-14T16:13:33.306Z",
"dateUpdated": "2024-09-24T14:29:01.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42798 (GCVE-0-2023-42798)
Vulnerability from nvd – Published: 2023-09-22 15:13 – Updated: 2024-09-24 14:29
VLAI?
Title
AutomataCI Release Job Can Revert Repo to First Commit
Summary
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.
Severity ?
8.2 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ChewKeanHo | AutomataCI |
Affected:
< 1.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
},
{
"name": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:16:22.777469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:29:01.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AutomataCI",
"vendor": "ChewKeanHo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-22T15:13:48.283Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89"
},
{
"name": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93"
}
],
"source": {
"advisory": "GHSA-6q23-vhhg-8h89",
"discovery": "UNKNOWN"
},
"title": "AutomataCI Release Job Can Revert Repo to First Commit"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42798",
"datePublished": "2023-09-22T15:13:48.283Z",
"dateReserved": "2023-09-14T16:13:33.306Z",
"dateUpdated": "2024-09-24T14:29:01.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}