14 matches found
Improper Validation Of Certificate Expiration
Infrahub is vulnerable to Improper Validation of Certificate Expiration. The vulnerability is due to a flaw in the authentication logic that improperly validates API token expiration, allowing deleted or expired tokens to be treated as valid. This allows an attacker to gain unauthorized access b...
EUVD-2025-27503
Malicious code in bioql PyPI...
CVE-2025-59036
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
GHSA-V2P7-4PV4-3WWH Infrahub: Deleted and expired API tokens can still authenticate
Impact: A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches: This issue is fixed in versions 1.3.9 and 1.4.5. Workarounds...
Improper Validation of Certificate Expiration
Overview infrahub-server is an Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run. Affected versions of this package are vulnerable to Improper Validation of...
Infrahub: Deleted and expired API tokens can still authenticate
Impact: A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches: This issue is fixed in versions 1.3.9 and 1.4.5. Workarounds...
CVE-2025-59036
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-59036
Infrahub (OpsMill Infrahub) authentication bug. Allows API tokens that were deleted or expired to remain valid, enabling authentication for tokens tied to active accounts. Affected versions: prior to 1.3.9 and prior to 1.4.5. Root cause: bug in authentication logic. Impact: tokens can authenticate...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versions 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
OpsMill Infrahub security vulnerability
OpsMill Infrahub is an infrastructure resource management platform from the French company OpsMill. A security vulnerability exists in OpsMill Infrahub versions prior to 1.3.9 and prior to 1.4.5, which stems from an error in the authentication logic that could cause deleted or expired API tokens ...
askap-flint (>=0.6.1 <=0.8.0), infrahub-server (>=1.1.0 <=1.1.10) +2 more potentially affected by CVE-2024-8183 via prefect (>=3.0.0rc20 <=3.0.11)
prefect PYPI version =3.0.0rc20, =0.6.1, =1.1.0, =1.1.0, =0.0.2, =0.0.10 Source cves: CVE-2024-8183 Source advisory: SNYK:PYTHON-PREFECT-9487016...
askap-flint (>=0.6.1 <=0.8.0), infrahub-server (>=1.1.0 <=1.1.10) +2 more potentially affected by CVE-2024-8183 via prefect (>=3.0.0rc20 <=3.0.11)
prefect PYPI version =3.0.0rc20, =0.6.1, =1.1.0, =1.1.0, =0.0.2, =0.0.10 Source cves: CVE-2024-8183 Source advisory: OSV:GHSA-4V9F-R55G-G6HC...