Veracode Vulnerability DatabaseVERACODE:47225Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
github.com/stacklok/minder is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other users access to it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/stacklok/minder | le | v0.0.50 | |
| github.com/stacklok/minder | le | v0.0.50 |
References
github.com/advisories/GHSA-8fmj-33gw-g7pw
github.com/stacklok/minder/blob/daccbc12e364e2d407d56b87a13f7bb24cbdb074/internal/verifier/sigstore/container/container.go#L271-L300
github.com/stacklok/minder/commit/fe321d345b4f738de6a06b13207addc72b59f892
github.com/stacklok/minder/security/advisories/GHSA-8fmj-33gw-g7pw
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%