Minder Security Vulnerabilities and Issues — Minder CVE List

Lucene search

StacklokMinder

3 matches found

CVE•added 2024/02/26 10:15 p.m.•100 views

CVE-2024-27093

Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with p...

7.5CVSS4.6AI score0.00332EPSS

CVE•added 2024/03/21 2:52 a.m.•60 views

CVE-2024-27916

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints GetRepositoryByName, DeleteRepositoryByName, and GetArtifactByName to access any repository in the database, irrespective of who owns the repo and any permissions present. The database ...

7.1CVSS6.8AI score0.00067EPSS

CVE•added 2024/05/07 3:15 p.m.•48 views

CVE-2024-34084

Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to ...

7.5CVSS6.4AI score0.00195EPSS