8 vulnerabilities found for bbot by BLSOPS, LLC
CVE-2025-10284 (GCVE-0-2025-10284)
Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:38
Title
Improper Archive Extraction in unarchive Enables RCE
Summary
BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution.
Severity ?
9.6 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
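| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |

Note: the parenthesised "2.7.1" appears to be the value of the record's `versionType` field, which normally names a versioning scheme rather than a release; it lies outside the affected range (0.0.0 through 2.6.1), and the record's `defaultStatus` is "unaffected".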
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T17:38:26.423603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T17:38:35.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.\u003cbr\u003e"
}
],
"value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:20.518Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Archive Extraction in unarchive Enables RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10284",
"datePublished": "2025-10-09T15:46:14.738Z",
"dateReserved": "2025-09-11T16:19:05.900Z",
"dateUpdated": "2025-10-09T17:38:35.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10283 (GCVE-0-2025-10283)
Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:39
Title
Improper .git Sanitization in gitdumper Enables RCE
Summary
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
Severity ?
9.6 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T17:38:56.042030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T17:39:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository.\u003cbr\u003e"
}
],
"value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:12.470Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper .git Sanitization in gitdumper Enables RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10283",
"datePublished": "2025-10-09T15:46:12.847Z",
"dateReserved": "2025-09-11T16:19:04.815Z",
"dateUpdated": "2025-10-09T17:39:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10282 (GCVE-0-2025-10282)
Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 19:03
Title
GitLab Domain Confusion in gitlab Leaks API Key
Summary
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:02:56.555078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:03:04.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
}
],
"value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:05.919Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GitLab Domain Confusion in gitlab Leaks API Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10282",
"datePublished": "2025-10-09T15:46:10.669Z",
"dateReserved": "2025-09-11T16:19:03.671Z",
"dateUpdated": "2025-10-09T19:03:04.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10281 (GCVE-0-2025-10281)
Vulnerability from cvelistv5 – Published: 2025-10-09 15:45 – Updated: 2025-10-09 19:04
Title
Insecure URL Handling in git_clone Leading to Leaked API Key
Summary
BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:04:25.334821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:04:36.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
}
],
"value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:54:55.350Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure URL Handling in git_clone Leading to Leaked API Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10281",
"datePublished": "2025-10-09T15:45:56.325Z",
"dateReserved": "2025-09-11T16:19:02.209Z",
"dateUpdated": "2025-10-09T19:04:36.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10284 (GCVE-0-2025-10284)
Vulnerability from nvd – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:38
Title
Improper Archive Extraction in unarchive Enables RCE
Summary
BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution.
Severity ?
9.6 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T17:38:26.423603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T17:38:35.196Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.\u003cbr\u003e"
}
],
"value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:20.518Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Archive Extraction in unarchive Enables RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10284",
"datePublished": "2025-10-09T15:46:14.738Z",
"dateReserved": "2025-09-11T16:19:05.900Z",
"dateUpdated": "2025-10-09T17:38:35.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10283 (GCVE-0-2025-10283)
Vulnerability from nvd – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:39
Title
Improper .git Sanitization in gitdumper Enables RCE
Summary
BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
Severity ?
9.6 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T17:38:56.042030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T17:39:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository.\u003cbr\u003e"
}
],
"value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:12.470Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper .git Sanitization in gitdumper Enables RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10283",
"datePublished": "2025-10-09T15:46:12.847Z",
"dateReserved": "2025-09-11T16:19:04.815Z",
"dateUpdated": "2025-10-09T17:39:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10282 (GCVE-0-2025-10282)
Vulnerability from nvd – Published: 2025-10-09 15:46 – Updated: 2025-10-09 19:03
Title
GitLab Domain Confusion in gitlab Leaks API Key
Summary
BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:02:56.555078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:03:04.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
}
],
"value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:55:05.919Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GitLab Domain Confusion in gitlab Leaks API Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10282",
"datePublished": "2025-10-09T15:46:10.669Z",
"dateReserved": "2025-09-11T16:19:03.671Z",
"dateUpdated": "2025-10-09T19:03:04.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10281 (GCVE-0-2025-10281)
Vulnerability from nvd – Published: 2025-10-09 15:45 – Updated: 2025-10-09 19:04
Title
Insecure URL Handling in git_clone Leading to Leaked API Key
Summary
BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL.
Severity ?
4.7 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| BLSOPS, LLC | bbot | Affected: 0.0.0 , ≤ 2.6.1 (versionType: 2.7.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-09T19:04:25.334821Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T19:04:36.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/bbot/",
"defaultStatus": "unaffected",
"packageName": "bbot",
"platforms": [
"Linux"
],
"product": "bbot",
"repo": "https://github.com/blacklanternsecurity/bbot",
"vendor": "BLSOPS, LLC",
"versions": [
{
"lessThanOrEqual": "2.6.1",
"status": "affected",
"version": "0.0.0",
"versionType": "2.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
}
],
"value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Man in the Middle Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T15:54:55.350Z",
"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"shortName": "BLSOPS"
},
"references": [
{
"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure URL Handling in git_clone Leading to Leaked API Key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
"assignerShortName": "BLSOPS",
"cveId": "CVE-2025-10281",
"datePublished": "2025-10-09T15:45:56.325Z",
"dateReserved": "2025-09-11T16:19:02.209Z",
"dateUpdated": "2025-10-09T19:04:36.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}