Eleftheria Stein-Kousathana

3 exploits Active since Apr 2024
CVE-2024-31455 WRITEUP MEDIUM WRITEUP
Minder 0.0.39 - Exposure of Sensitive Information via SQL Query Parentheses Error
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.
CVSS 4.3
CVE-2024-31455 WRITEUP MEDIUM WRITEUP
Minder 0.0.39 - Exposure of Sensitive Information via SQL Query Parentheses Error
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.
CVSS 4.3
CVE-2025-65109 WRITEUP HIGH WRITEUP
Minder <0.20241106.3386+ref.2507dbf-0.0.83 - SSRF
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.