CVE-2023-42798

{"id": "CVE-2023-42798", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.8}]}, "published": "2023-09-22T16:15:09.753", "references": [{"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository."}, {"lang": "es", "value": "AutomataCI es un repositorio de plantillas git equipado con herramientas de CI semiaut\u00f3nomas integradas nativas. Un problema en las versiones 1.4.1 y anteriores puede permitir que un trabajo de lanzamiento restablezca el repositorio ra\u00edz de git al primer commit. La versi\u00f3n 1.5.0 tiene un parche para este problema. Como workaround, aseg\u00farese de que el directorio `PROJECT_PATH_RELEASE` (por ejemplo, `releases/`) est\u00e9 manual y realmente `git clonado` correctamente, convirti\u00e9ndolo en un repositorio de git diferente del repositorio ra\u00edz de git."}], "lastModified": "2023-09-26T14:34:42.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hollowaykeanho:automataci:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38ABEABE-2FD7-4B8C-B5B2-DDC892D2CE75", "versionEndExcluding": "1.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}