2 matches found
CVE-2024-27093 Minder trusts client-provided mapping from repo name to upstream ID
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...
CVE-2024-27093
The CVE-2024-27093 issue affects Minder (github.com/stacklok/minder) where client-provided mapping from repository name to upstream ID is trusted. In versions up to 0.0.31, an attacker could register a repository with an invalid or mismatched upstream ID, causing Minder to mark the repo as regist...