CNNVD-202506-3347 Information

CNNVD ID

CNNVD-202506-3347

CVE-2025-52477

  • CNNVD Published: 2025-06-26

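Description (translated from Chinese)

octo-sts is a GitHub Security Token Service from Chainguard, released as open source by the octo-sts project. Versions of octo-sts prior to v0.5.3 contain a code issue vulnerability, which stems from an unauthenticated server-side request forgery (SSRF) flaw.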

Description (English)

octo-sts is a Chainguard GitHub Security Token Service, open-sourced by the octo-sts project. Versions of octo-sts prior to v0.5.3 contain a code issue vulnerability, which stems from an unauthenticated server-side request forgery (SSRF) flaw.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

octo-sts

Published

2025-06-26

Last Modified

2026-02-24

References

  • https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd
  • https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92
  • https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq

Patch

https://github.com/octo-sts/app/releases
