Minder Security Vulnerabilities and Issues — Minder CVE List

Lucene search

StacklokMinder

8 matches found

CVE•added 2024/02/26 10:15 p.m.•99 views

CVE-2024-27093

Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with p...

7.5CVSS4.6AI score0.00238EPSS

CVE•added 2024/03/21 2:52 a.m.•59 views

CVE-2024-27916

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The database ...

7.1CVSS6.8AI score0.00065EPSS

CVE•added 2024/05/20 9:15 p.m.•56 views

CVE-2024-35194

Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created templates. Minder engine uses templating to generate strings for various use cases such as URLs, me...

5.3CVSS6.3AI score0.00265EPSS

CVE•added 2024/04/09 5:16 p.m.•55 views

CVE-2024-31455

Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit 5c381cf added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would sel...

4.3CVSS4.7AI score0.00343EPSS

CVE•added 2024/05/16 4:15 p.m.•51 views

CVE-2024-35185

Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data ...

5.3CVSS6.7AI score0.00086EPSS

CVE•added 2024/05/07 3:15 p.m.•47 views

CVE-2024-34084

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to ...

7.5CVSS6.4AI score0.00195EPSS

CVE•added 2024/05/27 6:15 p.m.•40 views

CVE-2024-35238

Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Mind...

5.3CVSS5.3AI score0.0036EPSS

CVE•added 2024/06/18 5:15 p.m.•40 views

CVE-2024-37904

Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider d...

5.7CVSS5.5AI score0.00203EPSS