12 matches found
SUSE CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar's Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
GO-2025-4018 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar...
CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
GHSA-33F4-MJCH-7FPR Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59 The value used for the secret token was compiled into t...
CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926
Allstar Reviewbot had an authentication bypass via a hard-coded webhook secret. In Allstar versions prior to 4.5, inbound webhook requests were validated against a secret embedded at compile time and not configurable at runtime, causing all deployments using the Reviewbot code path to share the s...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
Allstar Trust Management Issue Vulnerability
Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...
PT-2025-41496
Name of the Vulnerable Software and Affected Versions Allstar versions prior to 4.5 Description Allstar is a GitHub App used for setting and enforcing security policies. A flaw exists in the Reviewbot component where inbound webhook requests were validated against a hard-coded, shared secret. Thi...
volkswagen-allstar.de XSS vulnerability
Vulnerable URL: https://www.volkswagen-allstar.de/content/themes/vwallstar-microsite/assets/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| Yes, at 12.01.2017 Latest check for patch:| 12.01.2017 12:22 GMT Vulnerability type:| XS...