CVE-2024-27916

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 21, 2024

CWE ID 285

Summary

CVE-2024-27916 is a vulnerability affecting the Minder software supply chain security platform. Before version 0.0.33, the platform allowed users to bypass repository access restrictions using the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName`. Despite checks for repo owner, name, and provider, a user with valid credentials could manipulate these values and obtain information on repositories they weren't authorized to access. This issue has been resolved in version 0.0.33 with a patch.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/usGQDL
https://www.cve.org/CVERecord?id=CVE-2024-27916
https://nvd.nist.gov/vuln/detail/CVE-2024-27916

Back to Vulnerability Database

CVE-2024-27916

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations