CVE-2024-31455
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Apr 9, 2024
Updated: Apr 10, 2024
CWE ID 200
Summary
CVE-2024-31455 is a vulnerability affecting Minder, an open-source software supply chain security platform by Stacklok. A refactoring in commit `5c381cf` inadvertently introduced a flaw, allowing the selection of a random GitHub repository during registration without specifying a provider. The root cause was an erroneous SQL query that lacked parentheses. This issue has been resolved in pull request 2941. As a temporary measure, users can revert to a previous commit or roll forward to a version post `2eb94e7`.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share