CVSS 3.1 Score 4.3 of 10 (medium)


Published Apr 9, 2024
Updated: Apr 10, 2024
CWE ID 200


CVE-2024-31455 is a vulnerability affecting Minder by Stacklok, an open source software supply chain security platform. The issue arises from a missing parenthesis in a SQL query: the query selects a random repository when GitHub repositories registered to a project are fetched without specifying a provider. The vulnerability has been patched in pull request 2941; as a workaround, users can revert to a previous version or update to a version past 2eb94e7. The risk score for this vulnerability is 5, with a base severity of MEDIUM. Its privileges required and user interaction levels are low, and it can be exploited through the network. The confidentiality impact is low, with no integrity or availability impact.
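The bug class described above (an optional-filter `OR` left ungrouped among `AND` conditions) is shown here as an added example; it is not Minder's code or query. The table, column names, parameter names and rows are assumptions constructed for illustration, run against an in-memory SQLite database.

```python
import sqlite3

# Constructed rows in a hypothetical table; not Minder's schema or data.
ROWS = [
    ("project-a", "github", "alice", "payments"),
    ("project-b", "github", "bob", "internal-tools"),
]

SELECT = "SELECT project_id, repo_owner, repo_name FROM repositories "

# AND binds tighter than OR, so this WHERE clause parses as
# (owner AND name AND project AND provider match) OR (:provider IS NULL).
UNPARENTHESIZED = SELECT + """
WHERE repo_owner = :owner AND repo_name = :name AND project_id = :project
  AND lower(provider) = lower(:provider) OR :provider IS NULL
ORDER BY rowid"""

# The optional-provider test is grouped, so the other filters always apply.
PARENTHESIZED = SELECT + """
WHERE repo_owner = :owner AND repo_name = :name AND project_id = :project
  AND (lower(provider) = lower(:provider) OR :provider IS NULL)
ORDER BY rowid"""


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE repositories "
        "(project_id TEXT, provider TEXT, repo_owner TEXT, repo_name TEXT)"
    )
    db.executemany("INSERT INTO repositories VALUES (?, ?, ?, ?)", ROWS)
    return db


def lookup(db, query, project, owner, name, provider=None):
    """Run one of the two queries; provider=None means 'no provider given'."""
    params = {"project": project, "owner": owner, "name": name, "provider": provider}
    return db.execute(query, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    for label, q in (("unparenthesized", UNPARENTHESIZED), ("parenthesized", PARENTHESIZED)):
        print(label, lookup(db, q, "project-a", "alice", "payments"))
```

With no provider given, the unparenthesized form matches every row in the table, so a caller that reads only one row gets whichever row the database returns first.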
