
26 matches found

Chainguard
added 2026/04/10 2:13 a.m., 4 views

GHSA-W8RR-5GCM-PP58 vulnerabilities

Vulnerabilities for packages: harbor-registry-fips, grafana-mimir, aactl, opentofu-fips, envoy-gateway, falcosidekick-fips, elastic-agent-fips, headlamp, datadog-agent, dgraph, nrdot-collector-k8s-fips, external-dns, kubo, containerd, frankenphp-8.3, opa-envoy, opentelemetry-collector-contrib-fip...

AI score: 5.9
Exploits: 0
Chainguard
added 2026/04/10 2:13 a.m., 4 views

CVE-2026-39882 vulnerabilities

Vulnerabilities for packages: harbor-registry-fips, grafana-mimir, aactl, opentofu-fips, envoy-gateway, falcosidekick-fips, elastic-agent-fips, headlamp, datadog-agent, dgraph, nrdot-collector-k8s-fips, external-dns, kubo, containerd, frankenphp-8.3, opa-envoy, opentelemetry-collector-contrib-fip...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.0019
Exploits: 0
SUSE CVE
added 2025/08/06 2:53 a.m., 4 views

SUSE CVE-2025-52477

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS: 8.6 · AI score: 6.9 · EPSS: 0.0041
Exploits: 0 · References: 2
OSV
added 2025/07/28 7:57 p.m., 4 views

GO-2025-3779 Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app

Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app...

CVSS: 8.6 · AI score: 6.1 · EPSS: 0.0041
Exploits: 0 · References: 4
Wolfi
added 2025/06/30 7:46 p.m., 4 views

GHSA-H3QP-HWVR-9XCQ vulnerabilities

Vulnerabilities for packages: octo-sts...

AI score: 7.5
Exploits: 0
Wolfi
added 2025/06/30 7:46 p.m., 13 views

CVE-2025-52477 vulnerabilities

Vulnerabilities for packages: octo-sts...

CVSS: 8.6 · AI score: 6.7 · EPSS: 0.0041
Exploits: 0
Chainguard
added 2025/06/30 7:16 p.m., 13 views

CVE-2025-52477 vulnerabilities

Vulnerabilities for packages: octo-sts...

CVSS: 8.6 · AI score: 6.7 · EPSS: 0.0041
Exploits: 0
Chainguard
added 2025/06/30 7:16 p.m., 4 views

GHSA-H3QP-HWVR-9XCQ vulnerabilities

Vulnerabilities for packages: octo-sts...

AI score: 7.5
Exploits: 0
RedhatCVE
added 2025/06/28 5:26 p.m., 10 views

CVE-2025-52477

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS: 8.6 · AI score: 6.4 · EPSS: 0.0041
Exploits: 0 · References: 1
OSV
added 2025/06/26 6:53 p.m., 4 views

GHSA-H3QP-HWVR-9XCQ Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens

Summary: Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Please upgrade to v0.5.3 to resolve this issue. Th...

CVSS: 8.6 · AI score: 7 · EPSS: 0.0041
Exploits: 0 · References: 5
Github Security Blog
added 2025/06/26 6:53 p.m., 6 views

Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens

Summary: Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Please upgrade to v0.5.3 to resolve this issue. Th...

CVSS: 8.6 · AI score: 7 · EPSS: 0.0041
Exploits: 0 · References: 5 · Affected Software: 1
Cvelist
added 2025/06/26 4:46 p.m., 12 views

CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS: 8.6 · EPSS: 0.0041
Exploits: 0 · References: 3
OSV
added 2025/06/26 4:46 p.m., 5 views

CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS: 8.6 · AI score: 6.5 · EPSS: 0.0041
Exploits: 0 · References: 5
Vulnrichment
added 2025/06/26 4:46 p.m., 2 views

CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow

Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...

CVSS: 8.6 · AI score: 7.1 · EPSS: 0.0041
Exploits: 0 · References: 3
Positive Technologies
added 2025/06/26 12:00 a.m., 2 views

PT-2025-27002 · Github · Octo-Sts

Name of the Vulnerable Software and Affected Versions: Octo-STS versions prior to v0.5.3. Description: Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. The issue allows for unauthenticated Server-Side Request Forgery (SSRF) by abusing fields in OpenID Connect...

CVSS: 8.6 · AI score: 7.2 · EPSS: 0.0041
Exploits: 0 · References: 11
CNNVD
added 2025/06/26 12:00 a.m., 4 views

octo-sts code issue vulnerability

octo-sts is Chainguard's GitHub security token service, open-sourced by octo-sts. A code issue vulnerability exists in octo-sts versions prior to v0.5.3, which stems from an unauthenticated server-side request forgery vulnerability...

CVSS: 8.6 · AI score: 6.8 · EPSS: 0.0041
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/23 8:41 a.m., 3 views

CVE-2024-34079

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0...

CVSS: 3.7 · AI score: 6.7 · EPSS: 0.00581
Exploits: 0 · References: 1
NVD
added 2024/05/14 3:38 p.m., 21 views

CVE-2024-34079

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0...

CVSS: 3.7 · AI score: 4 · EPSS: 0.00581
Exploits: 0 · References: 2
Veracode
added 2024/05/14 6:51 a.m., 12 views

Denial Of Service (DoS)

octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with traffic...

CVSS: 3.7 · AI score: 6.9 · EPSS: 0.00581
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/05/14 12:00 a.m., 3 views

octo-sts security vulnerability

octo-sts is Chainguard's GitHub security token service, open-sourced by octo-sts. A security vulnerability exists in octo-sts versions prior to 0.1.0, which stems from the fact that an unauthenticated attacker can cause unlimited CPU and memory usage...

CVSS: 3.7 · AI score: 4.8 · EPSS: 0.00581
Exploits: 0 · References: 3