CVE-2025-54585
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-08-01
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| finos | gitproxy | to 1.19.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitProxy versions 1.19.1 and below allows attackers to bypass the approval process for prior commits on a parent branch when creating new branches. It exploits how GitProxy handles new branch creation, enabling unapproved changes to be pushed without proper review. The attack requires only regular push access and the approval of a GitProxy administrator or designated user for the child branch push. This issue is fixed in version 1.19.2.
How can this vulnerability impact me? :
The vulnerability can impact users or organizations relying on GitProxy to enforce policy and prevent unapproved changes. Attackers can push changes that bypass the approval process, potentially introducing unauthorized or malicious code into the codebase. This undermines the integrity of the development workflow and can lead to security risks or operational issues.
What immediate steps should I take to mitigate this vulnerability?
Upgrade GitProxy to version 1.19.2 or later, as this version contains the fix for the vulnerability. Additionally, review and enforce strict approval policies for branch creation and push access to prevent bypassing commit approvals.