GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB

Critical EPSS: 0.02462% (0.84517 Percentile) EPSS:

Permalink JSON

gajira-create GitHub action vulnerable to arbitrary code execution

Affected Packages	Affected Versions	Fixed Versions
actions:atlassian/gajira-create	< 2.0.1	2.0.1

Impact

An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

Patches

This issue is patched in gajira-create version 2.0.1.

Workarounds

There are no known workarounds.

References

GitHub Security Lab advisory GHSL-2020-172

References:

https://github.com/atlassian/gajira-create/security/advisories/GHSA-4xqx-pqpj-9fqw
https://nvd.nist.gov/vuln/detail/CVE-2020-14188
https://github.com/advisories/GHSA-4xqx-pqpj-9fqw

Identifiers

GHSA-4xqx-pqpj-9fqw

CVE-2020-14188

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.02462

EPSS Percentile: 0.84517

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/atlassian/gajira-create

Date and time

Published

almost 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories