exploitDog

CVE-2020-14189

Опубликовано: 09 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.

Ссылки

https://github.com/atlassian/gajira-comment/security/advisories/GHSA-hj6w-pm28-h8hf
Third Party Advisory
https://github.com/atlassian/gajira-comment/security/advisories/GHSA-hj6w-pm28-h8hf
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:jira_comment:*:*:*:*:*:*:*:*

Версия до 2.0.2 (исключая)

EPSS

Процентиль: 84%

0.02136

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

EPSS

Процентиль: 84%

0.02136

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Уязвимость CVE-2020-14189