CNNVD-202510-1220 Information
CNNVD ID
CNNVD-202510-1220
Related CVE
- CNNVD Published: 2025-10-09
Description (Chinese)
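Allstar is security policy software open-sourced by the Open Source Security Foundation. Versions of Allstar before 4.5 contain a trust management vulnerability, which stems from the Reviewbot component using a hard-coded shared secret to verify inbound webhook requests, and which may lead to a security policy bypass.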
Description (English)
Allstar is open source security policy software from the Open Source Security Foundation. Versions prior to Allstar 4.5 have a trust management vulnerability: the Reviewbot component validates inbound webhook requests with a hard-coded shared key, which could lead to a bypass of the security policy.
Hazard Level
High
Vulnerability Type
Trust management issue
Affected Vendor
Open Source Security Foundation
Published
2025-10-09
Last Modified
2026-02-24
References
https://github.com/ossf/allstar/blob/294ae985cc2facd0918e8d820e4196021aa0b914/pkg/reviewbot/reviewbot.go#L59
https://github.com/ossf/allstar/commit/e004ecb540d63ca6f5b1689b41af6c0040a82c73
https://github.com/ossf/allstar/pull/713
https://github.com/ossf/allstar/security/advisories/GHSA-33f4-mjch-7fpr
Patch
https://github.com/ossf/allstar/releases