Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2025-10281

4.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 4 months ago
@LeSuisse removed package hebbot 2 months ago
@LeSuisse dismissed 2 months ago

Insecure URL Handling in git_clone Leading to Leaked API Key

BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.

References

https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

Affected products

bbot

=<2.6.1

Software not present in nixpkgs