Security Advisory

CVE-2021-21432

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-09 18:10:14

Last updated 2024-08-03 18:16:22

Assigner GitHub_M

State PUBLISHED

Description

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the referenced GitHub Security Advisory for complete details. This is fixed in version 0.7.5.

← Browse all CVEs View on cve.org ↗