Vulnerabilities in stacklok

9 results

CVE-2024-31455 | MEDIUM | Minder GetRepositoryByName data leak | EPSS 0.8%
CVE-2024-27916 | HIGH | `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user | EPSS 0.7%
CVE-2024-34084 | HIGH | Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests | EPSS 0.6%
CVE-2024-27093 | MEDIUM | Minder trusts client-provided mapping from repo name to upstream ID | EPSS 0.6%
CVE-2024-35238 | MEDIUM | Denial of service of Minder Server from maliciously crafted GitHub attestations | EPSS 0.5%
CVE-2024-35185 | MEDIUM | Denial of service of Minder Server with attacker-controlled REST endpoint | EPSS 0.5%
CVE-2024-37904 | MEDIUM | Denial of service from maliciously configured Git repository in Minder | EPSS 0.5%
CVE-2024-35194 | MEDIUM | Stacklok Minder vulnerable to denial of service from maliciously crafted templates | EPSS 0.4%
CVE-2025-47274 | LOW | ToolHive stores secrets in the state store with no encryption | EPSS 0.1%