EPSS Percentile: 41.9%
bigflow is vulnerable to Improper Certificate Validation. The vulnerability is due to improper SSL certificate validation in the get_vault_token function, which allows an attacker to perform a Man-in-the-Middle attack.
get_vault_token
github.com/advisories/GHSA-w6q2-48ch-fj26
github.com/allegro/bigflow/commit/fab2660b7d5ed98319776dede095d1bf21c88154
github.com/allegro/bigflow/pull/357