Impact
What kind of vulnerability is it? Who is impacted?
Users who are using AutomataCI version v1.4.1 and below.
Patches
Has the problem been patched? What versions should users upgrade to?
Users are advised to immediately upgrade to version v1.5.0.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Make sure the PROJECT_PATH_RELEASE (e.g. releases/) directory is manually and actually git cloned properly, making it a different git repository from the root git repository.
Otherwise, AutomataCI resolves the root git repository and treats PROJECT_PATH_RELEASE as one of its directories. This is why it mistakenly hard resets that repository back to its first commit and force-pushes to the remote repository (an automatic mechanism meant to publish a set of static materials cleanly while saving precious resources such as storage space).
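One way to verify the workaround before running a release job, as an added example (not AutomataCI's own code): the hypothetical function release_repo_is_separate takes the project root and the PROJECT_PATH_RELEASE value as arguments and uses only standard git commands to confirm the release directory resolves to a repository other than the root one.

```shell
#!/bin/sh
# Added example, not part of AutomataCI. Returns 0 only when the release
# directory belongs to a git repository different from the project root's.
release_repo_is_separate() {
    root="$1"       # project root directory (assumed argument)
    release="$2"    # PROJECT_PATH_RELEASE relative to root, e.g. releases

    if [ ! -d "$root/$release" ]; then
        echo "UNSAFE: missing directory $root/$release" >&2
        return 1
    fi

    # Repository that git resolves when invoked inside the release directory.
    release_top="$(git -C "$root/$release" rev-parse --show-toplevel 2>/dev/null)" || {
        echo "UNSAFE: $root/$release is not inside any git repository" >&2
        return 1
    }

    # Repository that git resolves for the project root (empty if none).
    root_top="$(git -C "$root" rev-parse --show-toplevel 2>/dev/null)" || root_top=""

    # Without its own clone, the release directory falls through to the root
    # repository, which is the condition the workaround is meant to prevent.
    if [ "$release_top" = "$root_top" ]; then
        echo "UNSAFE: $release resolves to the root repository ($root_top)" >&2
        return 1
    fi

    echo "OK: $release is its own repository ($release_top)"
    return 0
}
```

Call it as release_repo_is_separate "$PWD" "releases" from the project root and stop the pipeline on a non-zero return.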
References
Are there any links users can visit to find out more?
AutomataCI GitHub Issue ID 93