CVE-2025-67844

Medium CVSS: 5.0

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App Installation ID associated with the user's organization.

Vendor

Mintlify

Product

Mintlify

CWE

CWE-425

Yayın Tarihi

2025-12-19 02:16:09

Güncelleme

2026-01-02 16:10:46

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-425 Mintlify MEDIUM Mintlify 2025

Referanslar

https://kibty.town/blog/mintlify/ https://news.ycombinator.com/item?id=46317098 https://www.mintlify.com/blog/working-with-security-researchers-november-2025 https://www.mintlify.com/docs/changelog

Benzer Kayıtlar

Medium

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows rem…

Medium

CVE-2025-67846

The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches…

Medium

CVE-2025-67842

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HT…

High

CVE-2025-67843

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15…