10 matches found
Improper Validation Of Certificate Expiration
Infrahub is vulnerable to Improper Validation of Certificate Expiration. The vulnerability is due to a flaw in the authentication logic that improperly validates API token expiration, allowing deleted or expired tokens to be treated as valid. This allows an attackers to gain unauthorized access b...
CVE-2025-59036
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
GHSA-V2P7-4PV4-3WWH Infrahub: Deleted and expired API tokens can still authenticate
Impact A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches This issue is fixed in versions 1.3.9 and 1.4.5 Workarounds...
Infrahub: Deleted and expired API tokens can still authenticate
Impact A bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. Patches This issue is fixed in versions 1.3.9 and 1.4.5 Workarounds...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-59036
Infrahub (OpsMill Infrahub) authentication bug Allows API tokens that were deleted or expired to remain valid, enabling authentication for tokens tied to active accounts. Affected versions: prior to 1.3.9 and prior to 1.4.5. Root cause: bug in authentication logic. Impact: tokens can authenticate...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
CVE-2025-59036 Infrahub allows authentication with deleted and expired API tokens
Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account...
OpsMill Infrahub 安全漏洞
OpsMill Infrahub is an infrastructure resource management platform from the French company OpsMill. A security vulnerability exists in OpsMill Infrahub versions prior to 1.3.9 and prior to 1.4.5, which stems from an error in the authentication logic that could cause deleted or expired API tokens ...
PT-2025-36994
Name of the Vulnerable Software and Affected Versions: Infrahub versions prior to 1.3.9 Infrahub versions prior to 1.4.5 Description: Infrahub provides a central hub for managing data, templates, and playbooks. A flaw in the authentication logic allows deleted or expired API tokens to be consider...