Tag
high
advisory
Tekton Pipelines Git Resolver API Token Leak via User-Controlled ServerURL
2 rules 1 TTP 1 CVEThe Tekton Pipelines git resolver in API mode leaks the system-configured Git API token to a user-controlled `serverURL` when the user omits the `token` parameter, allowing an attacker with TaskRun or PipelineRun creation permissions to exfiltrate the shared API token.
tekton
git
credential-access
api-token
2r
1t
1c
critical
advisory
Directus Aggregate Query Vulnerability Allows Disclosure of Concealed Data
2 rules 1 TTPA vulnerability in Directus versions prior to 11.17.0 allows authenticated users to extract concealed field values, including static API tokens and two-factor authentication secrets from directus_users, via aggregate queries.
directus
vulnerability
credential-access
api-token
2fa-bypass
2r
1t