GHSA-W8RR-5GCM-PP58 vulnerabilities
Vulnerabilities for packages: harbor-registry-fips, grafana-mimir, aactl, opentofu-fips, envoy-gateway, falcosidekick-fips, elastic-agent-fips, headlamp, datadog-agent, dgraph, nrdot-collector-k8s-fips, external-dns, kubo, containerd, frankenphp-8.3, opa-envoy, opentelemetry-collector-contrib-fip...
CVE-2026-39882 vulnerabilities
Vulnerabilities for packages: harbor-registry-fips, grafana-mimir, aactl, opentofu-fips, envoy-gateway, falcosidekick-fips, elastic-agent-fips, headlamp, datadog-agent, dgraph, nrdot-collector-k8s-fips, external-dns, kubo, containerd, frankenphp-8.3, opa-envoy, opentelemetry-collector-contrib-fip...
SUSE CVE-2025-52477
Octo-STS is a GitHub App that acts like a Security Token Service STS for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...
GO-2025-3779 Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app...
GHSA-H3QP-HWVR-9XCQ vulnerabilities
Vulnerabilities for packages: octo-sts...
CVE-2025-52477 vulnerabilities
Vulnerabilities for packages: octo-sts...
CVE-2025-52477
Octo-STS is a GitHub App that acts like a Security Token Service STS for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...
GHSA-H3QP-HWVR-9XCQ Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens
Summary Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Please upgrade to v0.5.3 to resolve this issue. Th...
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens
Summary Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Please upgrade to v0.5.3 to resolve this issue. Th...
CVE-2025-52477 Octo-STS Vulnerable to Unauthenticated SSRF with HTTP Response Reflection in OIDC Flow
Octo-STS is a GitHub App that acts like a Security Token Service STS for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...
PT-2025-27002 · Github · Octo-Sts
Name of the Vulnerable Software and Affected Versions: Octo-STS versions prior to v0.5.3 Description: Octo-STS is a GitHub App that acts like a Security Token Service STS for the GitHub API. The issue allows for unauthenticated Server-Side Request Forgery SSRF by abusing fields in OpenID Connect...
octo-sts code issue vulnerability
octo-sts is Chainguard's open-source GitHub security token service. A code issue vulnerability exists in octo-sts versions prior to v0.5.3, which stems from an unauthenticated server-side request forgery vulnerability...
CVE-2024-34079
octo-sts is a GitHub App that acts like a Security Token Service STS for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0...
Denial Of Service (DoS)
octo-sts is vulnerable to Denial of Service (DoS). The vulnerability is due to missing HTTP request/response size checks, which allows an attacker to cause a Denial of Service by flooding the STS service with traffic...
octo-sts security vulnerability
octo-sts is Chainguard's open-source GitHub security token service. A security vulnerability exists in octo-sts versions prior to 0.1.0, which stems from the fact that an unauthenticated attacker can cause unlimited CPU and memory usage...