You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.
Atlantis logs contains GitHub credentials (tokens ghs_...) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub.
When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization.
Advisory GHSA-gppm-hq3p-h4rp references a vulnerability in the following Go modules:
Description:
Summary
Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server.
Atlantis logs contains GitHub credentials (tokens
ghs_...
) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub.When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization.
This was reported in https://github.com/runatl...
References:
Cross references:
See doc/quickstart.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: