MidnightBSD

Advisories for hollowaykeanho

CVE-2023-42798

AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
security-advisories@github.com 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H 1.8 5.8

Products Affected

Vendor Product Version
hollowaykeanho automataci *