Execution with Unnecessary Privileges

Property
Language: python
Severity: medium
CWE: CWE-250: Execution with Unnecessary Privileges
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

The code runs or creates Docker containers using user-provided input without validating or restricting what images or commands can be executed. This allows untrusted data to control which containers are started.

Impact

An attacker could use this vulnerability to run arbitrary containers, potentially executing malicious code on the host, accessing sensitive data, or escalating privileges. This could compromise the entire system and affect other applications running on the same host.

Exposed Dangerous Method or Function

Property
Language: yaml
Severity: medium
CWE: CWE-749: Exposed Dangerous Method or Function
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

Enabling the ACTIONS_ALLOW_UNSECURE_COMMANDS environment variable in GitHub Actions allows the use of deprecated set-env and add-path commands, which are vulnerable to injection attacks. This makes it possible for attackers to manipulate environment variables in your workflow.

Impact

If exploited, an attacker could alter environment variables or the system path, potentially executing unauthorized code, stealing sensitive data, or compromising your CI/CD pipeline. This could lead to code theft, exposure of secrets, or broader system compromise.

Exposed port out of range

Property
Language: terraform
Severity: critical

Description

The configuration exposes a network port with a value outside the valid UNIX range (0-65535). Such invalid port numbers are not recognized by operating systems and can cause deployment failures or unpredictable behavior.

Impact

Using an out-of-range port can prevent services from starting correctly, disrupt connectivity, and introduce instability in network configurations. This misconfiguration can lead to denial of service or application downtime, impacting availability and reliability.

Exposure of Information Through Directory Listing

Property
Language: csharp
Severity: medium
CWE: CWE-548: Exposure of Information Through Directory Listing
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

The application enables directory browsing, which lets anyone view the contents of server directories through a web browser. This configuration can unintentionally expose sensitive files or internal code to users who should not have access.

Impact

If exploited, attackers could access and download files that were not meant to be public, such as configuration files, backups, or source code. This could lead to data leaks, further attacks, or the compromise of sensitive information and internal operations.

Exposure of Information Through Directory Listing

Property
Language: go
Severity: medium
CWE: CWE-548: Exposure of Information Through Directory Listing
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

Using http.FileServer as a handler in Go exposes directory contents to anyone with access to the server. This allows users to browse all files in the served directory, which may unintentionally reveal sensitive files.

Impact

If exploited, attackers can view or download files not meant for public access, such as configuration files, credentials, or source code. This can lead to data leaks, information disclosure, and further attacks against your system.

Exposure of Information Through Directory Listing

Property
Language: javascript
Severity: high
CWE: CWE-548: Exposure of Information Through Directory Listing
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

The application enables directory listing, which lets users view all files and folders within a directory over the web. This can accidentally expose sensitive files or directories that should remain hidden.

Impact

Attackers could browse and access confidential files, source code, environment variables, or backups, leading to information disclosure, data leaks, or further attacks against the application and its users.

Exposure of Resource to Wrong Sphere

Property
Language: python
Severity: medium
CWE: CWE-668: Exposure of Resource to Wrong Sphere
OWASP: A01:2021 - Broken Access Control
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

Calling app.run() at the top level of a Flask application (outside of a main guard or function) can cause the server to start unintentionally when the module is imported, not just when executed directly. This can lead to the app running in the wrong context or being exposed unexpectedly.

Exposure of Resource to Wrong Sphere

Property
Language: python
Severity: high
CWE: CWE-668: Exposure of Resource to Wrong Sphere
OWASP: A01:2021 - Broken Access Control
Confidence Level: High
Impact Level: Medium
Likelihood Level: High

Description

Running a Flask app with host set to ‘0.0.0.0’ makes your server accessible from any network, not just your local machine. This can unintentionally expose your application to the public internet.

Impact

If exploited, attackers could access your development server, potentially exposing sensitive data or application internals. This increases the risk of unauthorized access, data leaks, and attacks against your application or underlying system.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: yaml
Severity: low
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A06:2017 - Security Misconfiguration
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Sensitive information in GitHub Actions workflows may be exposed if the ‘add-mask’ command is not reliably used or if workflow command processing is stopped, causing secrets to appear in logs. Attackers can exploit this by disabling masking, leading to unintended secret disclosure.

Exposure of Sensitive Information to an Unauthorized Actor

Property
Language: hcl
Severity: low
CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The EKS cluster configuration allows public access to the Kubernetes API endpoint by not setting ‘endpoint_public_access’ to false in ‘vpc_config’. This means the cluster’s control plane is reachable from the internet.

Impact

Leaving the public endpoint enabled exposes the Kubernetes API to unauthorized access, increasing the risk of attacks such as data exposure, cluster takeover, or service disruption. Attackers could attempt to exploit vulnerabilities or brute-force credentials, potentially compromising the entire cluster.