exploitDog

CVE-2025-67844

Опубликовано: 19 дек. 2025

Источник: nvd

CVSS3: 5

CVSS3: 4.3

EPSS Низкий

Описание

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

Ссылки

https://kibty.town/blog/mintlify/
Exploit
Third Party Advisory
https://news.ycombinator.com/item?id=46317098
Issue Tracking
https://www.mintlify.com/blog/working-with-security-researchers-november-2025
Vendor Advisory
https://www.mintlify.com/docs/changelog
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*

Версия до 2025-11-15 (исключая)

EPSS

Процентиль: 11%

0.00038

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-425

Связанные уязвимости

GHSA-m2jw-wc29-6qmv

CVSS3: 5

github

около 2 месяцев назад

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

EPSS

Процентиль: 11%

0.00038

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-425