CVE-2024-27916

Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278
https://github.com/stacklok/minder/blob/main/internal/controlplane/handlers_repositories.go#L257-L299
https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb
https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37

Configurations

No configuration.

History

21 Mar 2024, 02:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-21 02:52

Updated : 2024-03-21 12:58

NVD link : CVE-2024-27916

Mitre link : CVE-2024-27916

CVE.ORG link : CVE-2024-27916

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

7.1 /10