Errors returned by ghinstallation.Transport can include the JWT used for the failed operation. If the error is exposed to an untrusted party, this JWT could be extracted and used to authenticate furth ...
Continue Reading22 декабря, 2022
# CVE-2022-39304 ghinstallation provides transport, which imple...Read More ...
Continue Reading22 декабря, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading20 декабря, 2022
### Impact In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallatio ...
Continue Reading19 декабря, 2022
### Impact In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallatio ...
Continue Reading19 декабря, 2022
[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxH4ORvtpJZLry3tPrOdrXtg4IZ3wKmD5jgL1MF4dFmYha42IOKeYVKJFGtwOoacaOZreL3-rixcCank0fW1cBhkwYCBGBO00xJ7-dzulegHFExvvqvhbDjFhutjk13ODp8rcqFl ...
Continue Reading16 декабря, 2022
## Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. ## Vulnerability Details ** CVEID: **[CVE-2018-8023]() ** DESCRIPTION: **Apache Mesos could allow a remote ...
Continue Reading14 декабря, 2022
### Impact All authenticated Cube clients could bypass row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. ### Patches The change has been reverted in 0.31.24 ## ...
Continue Reading12 декабря, 2022
Back to Main