CVE-2020-14189
CVE-2020-14189
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Nov 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment.
Affected products
Atlassian · gajira-commentWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →