GHSA-P3V4-C93G-CMHW BBOT's gitlab.py exposes globally configured "gitlab" API key
Summary: bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact: A user with a "gitlab" API key configured who uses bbot to scan a malicious...
Directory Traversal
bbot is vulnerable to Directory Traversal. The vulnerability is due to gitdumper processing content from remote git repositories without proper sanitization, which allows an attacker to supply a malicious repository that triggers execution of arbitrary commands...
Arbitrary File Write
bbot is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient sanitization of archive entry paths, and an attacker can craft archive entries with absolute or directory-traversal paths that cause bbot to write arbitrary files to arbitrary locations and achieve remote code...
CVE-2025-10282
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL...
CVE-2025-10284
BBOT's unarchive module could be abused by supplying malicious archive files that, when extracted, perform an arbitrary file write, resulting in remote code execution...
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Summary: Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution (RCE). Impact: A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system...
GHSA-FHW8-8V9P-7JP7 BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
Information Exposure
Overview: bbot is an OSINT automation tool for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...
Directory Traversal
Overview: bbot is an OSINT automation tool for hackers. Affected versions of this package are vulnerable to Directory Traversal via gitdumper. An attacker can execute arbitrary commands by crafting a malicious git repository. Details: A Directory Traversal attack, also known as path traversal, aims to...
Information Exposure
Overview: bbot is an OSINT automation tool for hackers. Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL. Remediation: Upgrade bbot...
CVE-2025-10283
BBOT's gitdumper module could be abused to execute commands through a malicious git repository...
CVE-2025-10281
BBOT's gitclone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL...
CVE-2025-10284 Improper Archive Extraction in unarchive Enables RCE
CVE-2025-10283
BBOT's gitdumper module is vulnerable due to insufficient sanitization of .git data, enabling Directory Traversal that can lead to Remote Code Execution when processing a malicious git repository. Affected component: bbot gitdumper.py (processing of .git/config and related index/file handling as...
CVE-2025-10282
BBOT's gitlab module exposes GitLab API keys when given a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including the Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user's API key when bbot process...
BBOT security vulnerability
BBOT is a recursive Internet scanner open-sourced by Black Lantern Security. BBOT suffers from a security vulnerability that stems from a maliciously formatted git URL that could lead to the disclosure of GitLab API keys to an attacker-controlled server...
PT-2025-41394
Name of the Vulnerable Software and Affected Versions: BBOT (affected versions not specified). Description: The gitclone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...