Eleftheria Stein-Kousathana

2 exploits. Active since Apr 2024.
CVE-2024-31455 (MEDIUM) WRITEUP
Stacklok Minder < 0.0.40 - Information Disclosure
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert to a version prior to `5c381cf`, or roll forward past `2eb94e7`.
CVSS 4.3
CVE-2025-65109 (HIGH) WRITEUP
Minder <0.20241106.3386+ref.2507dbf-0.0.83 - SSRF
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, including URLs the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.