Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/04/04 10:27 p.m.17 views

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS7.3AI score0.00387EPSS
Exploits0References1
Circl
Circl
added 2025/04/02 10:11 p.m.17 views

CVE-2025-31484

creationtimestamp| type| source ---|---|--- 2025-04-02 22:11:54+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114270661068874157 2025-04-02 22:11:54+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114270661068874157 2025-04-02 22:34:43+00:00| published-proof-of-concept|...

9.3CVSS4.8AI score0.00387EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/02 9:38 p.m.6 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS7.2AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/02 9:38 p.m.23 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS0.00387EPSS
Exploits0References2
CVE
CVE
added 2025/04/02 9:38 p.m.61 views

CVE-2025-31484

CVE-2025-31484 affects the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, the infrastructure used the wrong Azure cf-staging access token, allowing any feedstock maintainer to upload a package to the conda-forge channel and bypass the standard feedstock-token + upload process. The...

9.3CVSS7.2AI score0.00387EPSS
Exploits0References2
OSV
OSV
added 2025/04/02 9:38 p.m.12 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS6.8AI score0.00387EPSS
Exploits0References4
Rows per page
Query Builder