4 matches found
Minder 安全漏洞
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in versions of Minder prior to 0.0.33 that stems from allowing Minder users to access...
CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...
CVE-2024-27916 `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The databas...
CVE-2024-27916
Minder prior to version 0.0.33 is affected by an access-control flaw where authenticated users can leverage GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database. The underlying issue is that the DB query checks repo owner, repo name, and prov...