GHSA-Q6H8-4J2V-PJG4 Minder trusts client-provided mapping from repo name to upstream ID
Summary When using a modified client or the gRPC interface directly, the RegisterRepository call accepts both the repository owner/repo pair and the repoid, and the two are not checked for consistency before webhooks are registered and data is written to the database. Details It is possible for an attacke...
Denial of service
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered but not remediate any future changes which conflict with...
CVE-2024-27093 Minder trusts client-provided mapping from repo name to upstream ID
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in Minder 0.0.31 and earlier versions, which stems from the fact that an attacker may...
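The following is an added example, written in Go for this page and not code from the Minder project or its advisory. It shows the trust boundary the entries above describe: a registration path that stores the client's repository ID as sent, beside one that resolves the ID from the upstream provider server-side and rejects a client-supplied ID that disagrees, plus a webhook lookup that shows why a record stored under the wrong ID is never matched again. The request and interface shapes (RegisterRequest, Provider, registry, fakeProvider) and the numeric IDs are assumptions constructed for the example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

var (
	ErrNotFound   = errors.New("repository not found upstream")
	ErrIDMismatch = errors.New("client-supplied repository ID does not match upstream")
)

// RegisterRequest is an assumed stand-in for the registration message described
// in the advisory: the client sends an owner/name pair and an upstream numeric ID.
type RegisterRequest struct {
	Owner  string
	Name   string
	RepoID int64
}

// Provider abstracts the upstream forge API ("look up a repository by name").
type Provider interface {
	GetRepoByName(ctx context.Context, owner, name string) (int64, error)
}

// fakeProvider is constructed sample data standing in for the real upstream API.
type fakeProvider map[string]int64

func (f fakeProvider) GetRepoByName(_ context.Context, owner, name string) (int64, error) {
	id, ok := f[owner+"/"+name]
	if !ok {
		return 0, ErrNotFound
	}
	return id, nil
}

// registry maps upstream repository ID -> "owner/name", standing in for the
// database rows and webhook routing that are keyed by upstream ID.
type registry map[int64]string

// registerTrusting reproduces the flawed pattern: the client's RepoID is stored
// as-is, with no check that it actually belongs to Owner/Name.
func registerTrusting(reg registry, req RegisterRequest) int64 {
	reg[req.RepoID] = req.Owner + "/" + req.Name
	return req.RepoID
}

// registerChecked resolves the authoritative ID from the provider and refuses
// to store a client-supplied ID that disagrees with it. A zero RepoID means the
// client did not claim one, so the resolved ID is used directly.
func registerChecked(ctx context.Context, p Provider, reg registry, req RegisterRequest) (int64, error) {
	upstreamID, err := p.GetRepoByName(ctx, req.Owner, req.Name)
	if err != nil {
		return 0, fmt.Errorf("resolving %s/%s: %w", req.Owner, req.Name, err)
	}
	if req.RepoID != 0 && req.RepoID != upstreamID {
		return 0, fmt.Errorf("%w: client sent %d, upstream reports %d", ErrIDMismatch, req.RepoID, upstreamID)
	}
	reg[upstreamID] = req.Owner + "/" + req.Name
	return upstreamID, nil
}

// routeWebhook shows the impact: upstream events identify the repository by its
// real numeric ID, so a record stored under a bogus ID is never matched and the
// change is never evaluated or remediated.
func routeWebhook(reg registry, eventRepoID int64) (string, bool) {
	name, ok := reg[eventRepoID]
	return name, ok
}

func main() {
	ctx := context.Background()
	provider := fakeProvider{"acme/app": 4242, "acme/lib": 5151}

	// A modified client registers acme/app but claims a differing ID.
	bad := RegisterRequest{Owner: "acme", Name: "app", RepoID: 9999}

	vuln := registry{}
	registerTrusting(vuln, bad)
	_, matched := routeWebhook(vuln, 4242) // a real event for acme/app
	fmt.Println("vulnerable: real webhook matched a record?", matched)

	fixed := registry{}
	if _, err := registerChecked(ctx, provider, fixed, bad); err != nil {
		fmt.Println("hardened:", err)
	}
	id, err := registerChecked(ctx, provider, fixed, RegisterRequest{Owner: "acme", Name: "app"})
	fmt.Println("hardened: registered under upstream id", id, "err:", err)
	_, matched = routeWebhook(fixed, 4242)
	fmt.Println("hardened: real webhook matched a record?", matched)
}
```

The design choice worth noting: the server never persists the client's ID, only the one it resolved itself; the client-supplied value is accepted solely as something to compare against and reject on mismatch.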