27 matches found
SUSE CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar's Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
GO-2025-4018 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret in github.com/ossf/allstar...
CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the reviewbot component. An attacker can gain unauthorized access to repository workflows by sending crafted webhook requests using a known, hard-coded secret. This allows triggering of automated review...
EUVD-2025-33544
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret...
Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...
GHSA-33F4-MJCH-7FPR Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
A vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret: https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.goL59 The value used for the secret token was compiled into t...
CVE-2025-61926
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926 Allstar Reviewbot has Authentication Bypass via Hard-coded Webhook Secret
Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret token was compiled into the Allstar binary an...
CVE-2025-61926
Allstar Reviewbot had an authentication bypass via a hard-coded webhook secret. In Allstar versions prior to 4.5, inbound webhook requests were validated against a secret embedded at compile time and not configurable at runtime, causing all deployments using the Reviewbot code path to share the s...
Allstar 信任管理问题漏洞
Allstar is an Open Source Security Foundation open source security policy software. A trust management issue vulnerability exists in Allstar versions prior to 4.5, which stems from the Reviewbot component using a hard-coded shared key to validate an inbound webhook request, which could lead to a...
PT-2025-41496
Name of the Vulnerable Software and Affected Versions Allstar versions prior to 4.5 Description Allstar is a GitHub App used for setting and enforcing security policies. A flaw exists in the Reviewbot component where inbound webhook requests were validated against a hard-coded, shared secret. Thi...
EUVD-2022-3876
Malicious code in bioql PyPI...
CSRF vulnerability in jenkins-reviewbot Plugin
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptordoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...
GHSA-2R46-CWGM-VVJX Missing permission check in Jenkins jenkins-reviewbot Plugin
A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptordoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
Missing permission check in Jenkins jenkins-reviewbot Plugin
A missing permission check in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptordoTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CloudBees Jenkins jenkins-reviewbot plugin cross-site request forgery vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version of the release/test project and some timed tasks . jenkins-reviewbot Plugin is used in one o...
CVE-2019-10278
A cross-site request forgery vulnerability in Jenkins jenkins-reviewbot Plugin in the ReviewboardDescriptordoTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...