CVE Details
Basic Information
| Title | GitProxy bypasses approvals when pushing multiple branches |
|---|---|
| Type | cve |
| Published | 2025-07-30T19:59:44.317Z |
| Modified | 2025-07-30T20:13:10.804Z |
Product Information
| Vendor | finos |
|---|---|
| Product | git-proxy |
| Version | < 1.19.2 |
CVSS Information
| Base Score | 8.3 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N |
AI Analysis
| AI Description | GitProxy versions 1.19.1 and below allow users to bypass policies and approvals when pushing to remote repositories, potentially allowing malicious code or sensitive data to be pushed. This vulnerability is fixed in version 1.19.2. |
|---|---|
| AI Severity | High |
| AI Vendor | finos |
| AI Product | git-proxy |
| AI Version | 1.19.1 and below |
Affected Products
- finos git-proxy < 1.19.2
Additional Information
| CWE List | CWE-863 |
|---|---|
| Source | GitHub_M |
Description
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2.