CVE-2024-31455

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 9, 2024
Updated: Apr 10, 2024
CWE ID 200

Summary

CVE-2024-31455 is a vulnerability affecting Minder, an open-source software supply chain security platform by Stacklok. A refactoring in commit `5c381cf` inadvertently introduced a flaw, allowing the selection of a random GitHub repository during registration without specifying a provider. The root cause was an erroneous SQL query that lacked parentheses. This issue has been resolved in pull request 2941. As a temporary measure, users can revert to a previous commit or roll forward to a version post `2eb94e7`.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share