CVE-2023-42798
HIGHhollowaykeanho/automataci < 1.5.0 - Git Repository Reset via Release Job
Title source: llmDescription
AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89
Issue Tracking, Patch x_refsource_misc
https://github.com/ChewKeanHo/AutomataCI/issues/93
Scores
CVSS v3
8.2
EPSS
0.0032
EPSS Percentile
24.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
hollowaykeanho/automataci
< 1.5.0
Published
Sep 22, 2023
Tracked Since
Feb 18, 2026