{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T15:16:58.972","vulnerabilities":[{"cve":{"id":"CVE-2025-54583","sourceIdentifier":"security-advisories@github.com","published":"2025-07-30T20:15:38.177","lastModified":"2025-08-01T20:04:33.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and plugins are skipped, code containing secrets or unwanted changes could be pushed into a repository. This is fixed in version 1.19.2."},{"lang":"es","value":"GitProxy es una aplicación que se interpone entre los desarrolladores y un endpoint remoto de Git (p. ej., github.com). Las versiones 1.19.1 y anteriores permiten a los usuarios enviar contenido a repositorios remotos, omitiendo políticas y aprobaciones explícitas. Dado que se omiten las comprobaciones y los complementos, el código que contiene secretos o cambios no deseados podría enviarse a un repositorio. Esto se solucionó en la versión 1.19.2."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:finos:gitproxy:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19.2","matchCriteriaId":"5066AC65-E6FA-4582-AE66-0CBBED07F809"}]}]}],"references":[{"url":"https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/finos/git-proxy/commit/bd2ecb2099cba21bca3941ee4d655d2eb887b3a9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/finos/git-proxy/releases/tag/v1.19.2","source":"security-advisories@github.com","tags":["Patch","Release Notes"]},{"url":"https://github.com/finos/git-proxy/security/advisories/GHSA-qr93-8wwf-22g4","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]}]}}]}