FKIE_CVE-2025-52477

Vulnerability from fkie_nvd - Published: 2025-06-26 17:15 - Updated: 2025-06-26 18:57
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging.
References
security-advisories@github.comhttps://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd
security-advisories@github.comhttps://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92
security-advisories@github.comhttps://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging."
    },
    {
      "lang": "es",
      "value": "Octo-STS es una aplicaci\u00f3n de GitHub que funciona como un Servicio de Token de Seguridad (STS) para la API de GitHub. Las versiones de Octo-STS anteriores a la v0.5.3 son vulnerables a SSRF no autenticado al abusar de los campos de los tokens de OpenID Connect. Se ha demostrado que los tokens maliciosos activan solicitudes de red internas que podr\u00edan reflejar registros de errores con informaci\u00f3n confidencial. Actualice a la v0.5.3 para resolver este problema. Esta versi\u00f3n incluye conjuntos de parches para sanear la entrada y redactar los registros."
    }
  ],
  "id": "CVE-2025-52477",
  "lastModified": "2025-06-26T18:57:43.670",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-26T17:15:30.897",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/octo-sts/app/commit/0f177fde54f9318e33f0bba6abaea9463a7c3afd"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/octo-sts/app/commit/b3976e39bd8c8c217c0670747d34a4499043da92"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/octo-sts/app/security/advisories/GHSA-h3qp-hwvr-9xcq"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.