GHSA-p3v4-c93g-cmhw

Source

https://github.com/advisories/GHSA-p3v4-c93g-cmhw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-p3v4-c93g-cmhw/GHSA-p3v4-c93g-cmhw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p3v4-c93g-cmhw

Aliases

CVE-2025-10282

Published

2025-10-27T20:15:12Z

Modified

2025-10-27T20:27:42.005044Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVSS Calculator

Summary

BBOT's gitlab.py exposes globally configured "gitlab" API key

Details

Summary

bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances.

If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server.

Impact

A user with a "gitlab" API key configured who uses bbot to scan a malicious webserver may leak their gitlab.com API key to an untrustworthy server.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-27T20:15:12Z",
    "nvd_published_at": "2025-10-09T16:15:43Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

PyPI / bbot

Package

Name: bbot; View open source insights on deps.dev
Purl: pkg:pypi/bbot

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.2

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.3.512

1.0.3.521

1.0.3.545

1.0.3.583

1.0.3.696

1.0.3.777

1.0.3.780

1.0.3.919

1.0.4.922

1.0.4.1132rc0

1.0.4.1134rc0

1.0.4.1139rc0

1.0.4.1141rc0

1.0.4.1147rc0

1.0.4.1156rc0

1.0.4.1158rc0

1.0.4.1160rc0

1.0.4.1162rc0

1.0.4.1164rc0

1.0.4.1166rc0

1.0.4.1168rc0

1.0.4.1170rc0

1.0.4.1173rc0

1.0.4.1175rc0

1.0.4.1177rc0

1.0.4.1183rc0

1.0.4.1185rc0

1.0.4.1193rc0

1.0.4.1197rc0

1.0.4.1199rc0

1.0.4.1233rc0

1.0.4.1235rc0

1.0.4.1237rc0

1.0.4.1242rc0

1.0.4.1262rc0

1.0.4.1266rc0

1.0.4.1269rc0

1.0.4.1272rc0

1.0.4.1276rc0

1.0.4.1279rc0

1.0.4.1285rc0

1.0.4.1303rc0

1.0.4.1306rc0

1.0.4.1310rc0

1.0.5.1313rc0

1.0.5.1317rc0

1.0.5.1329rc0

1.0.5.1331rc0

1.0.5.1331

1.0.5.1333rc0

1.0.5.1336

1.0.5.1342rc0

1.0.5.1345rc0

1.0.5.1347rc0

1.0.5.1351rc0

1.0.5.1355

1.0.5.1356rc0

1.0.5.1358

1.0.5.1360rc0

1.0.5.1362rc0

1.0.5.1366rc0

1.0.5.1370rc0

1.0.5.1374rc0

1.0.5.1377rc0

1.0.5.1388rc0

1.0.5.1391

1.0.5.1393

1.0.5.1395rc0

1.0.5.1406rc0

1.0.5.1413rc0

1.0.5.1419rc0

1.0.5.1423rc0

1.0.5.1429rc0

1.0.5.1432rc0

1.0.5.1436rc0

1.0.5.1444rc0

1.0.5.1448rc0

1.0.5.1450rc0

1.0.5.1456rc0

1.0.5.1460rc0

1.0.5.1469rc0

1.0.5.1471rc0

1.0.5.1515rc0

1.0.5.1519rc0

1.0.5.1524rc0

1.0.5.1528rc0

1.0.5.1544rc0

1.0.5.1547rc0

1.0.5.1555rc0

1.0.5.1563rc0

1.0.5.1567rc0

1.0.5.1595rc0

1.0.5.1597rc0

1.0.5.1598

1.0.5.1612rc0

1.0.5.1614

1.0.5.1625rc0

1.0.5.1654rc0

1.0.5.1656rc0

1.0.5.1660rc0

1.0.5.1663rc0

1.0.5.1665rc0

1.0.5.1665

1.0.5.1793rc0

1.0.5.1796rc0

1.0.5.1798rc0

1.0.5.1800rc0

1.0.5.1802rc0

1.0.5.1804rc0

1.0.5.1815rc0

1.0.5.1817rc0

1.0.5.1821rc0

1.0.5.1833rc0

1.0.5.1839rc0

1.0.6.2

1.1.0.1903rc0

1.1.0.1905rc0

1.1.0.1908rc0

1.1.0.1924rc0

1.1.0.1936rc0

1.1.0.1954rc0

1.1.0.1958rc0

1.1.0.2024rc0

1.1.0.2034rc0

1.1.0.2036rc0

1.1.0.2039rc0

1.1.0.2043rc0

1.1.0.2083rc0

1.1.0.2090

1.1.0.2113rc0

1.1.0.2116rc0

1.1.0.2119rc0

1.1.0.2124

1.1.1

1.1.1.2135rc0

1.1.1.2137rc0

1.1.1.2148rc0

1.1.1.2167rc0

1.1.1.2175rc0

1.1.1.2191rc0

1.1.1.2196rc0

1.1.1.2204rc0

1.1.1.2229rc0

1.1.1.2234rc0

1.1.1.2265rc0

1.1.1.2269rc0

1.1.1.2276rc0

1.1.1.2297rc0

1.1.1.2300rc0

1.1.2

1.1.2.2311rc0

1.1.2.2315rc0

1.1.2.2317rc0

1.1.2.2321rc0

1.1.2.2326rc0

1.1.2.2330rc0

1.1.2.2336rc0

1.1.2.2338rc0

1.1.2.2343rc0

1.1.3

1.1.3.2348rc0

1.1.3.2367rc0

1.1.3.2372rc0

1.1.3.2386rc0

1.1.3.2411rc0

1.1.3.2417rc0

1.1.3.2430rc0

1.1.3.2446rc0

1.1.3.2458rc0

1.1.3.2488rc0

1.1.3.2497rc0

1.1.3.2499rc0

1.1.3.2524rc0

1.1.3.2542rc0

1.1.3.2553rc0

1.1.3.2555rc0

1.1.3.2564rc0

1.1.3.2570rc0

1.1.3.2578rc0

1.1.3.2580rc0

1.1.3.2603rc0

1.1.3.2605rc0

1.1.3.2612rc0

1.1.3.2614rc0

1.1.3.2616rc0

1.1.3.2636rc0

1.1.4

1.1.4.2638rc0

1.1.4.2640rc0

1.1.4.2642rc0

1.1.4.2669rc0

1.1.4.2672rc0

1.1.4.2699rc0

1.1.4.2703rc0

1.1.5

1.1.5.2705rc0

1.1.5.2707rc0

1.1.5.2714rc0

1.1.5.2718rc0

1.1.5.2731rc0

1.1.5.2733rc0

1.1.5.2742rc0

1.1.5.2746rc0

1.1.5.2748rc0

1.1.5.2750rc0

1.1.5.2753rc0

1.1.6

1.1.6.1

1.1.6.3

1.1.6.2756rc0

1.1.6.2759rc0

1.1.6.2762rc0

1.1.6.2767rc0

1.1.6.2769rc0

1.1.6.2772rc0

1.1.6.2777rc0

1.1.6.2785rc0

1.1.6.2787rc0

1.1.6.2792rc0

1.1.6.2795rc0

1.1.6.2797rc0

1.1.6.2801rc0

1.1.6.2804rc0

1.1.6.2826rc0

1.1.6.2832rc0

1.1.6.2834rc0

1.1.6.2879rc0

1.1.6.2886rc0

1.1.6.2888rc0

1.1.6.2891rc0

1.1.6.2896rc0

1.1.6.2902rc0

1.1.6.2910rc0

1.1.6.2913rc0

1.1.7

1.1.7.2rc0

1.1.7.6rc0

1.1.7.7rc0

1.1.7.2968rc0

1.1.7.2972rc0

1.1.7.2980rc0

1.1.7.2982rc0

1.1.7.2984rc0

1.1.7.2998rc0

1.1.7.3001rc0

1.1.7.3005rc0

1.1.7.3010rc0

1.1.7.3012rc0

1.1.7.3020rc0

1.1.7.3022rc0

1.1.7.3024rc0

1.1.7.3028rc0

1.1.7.3042rc0

1.1.7.3044rc0

1.1.7.3050rc0

1.1.7.3052rc0

1.1.7.3054rc0

1.1.7.3061rc0

1.1.7.3072rc0

1.1.7.3078rc0

1.1.7.3083rc0

1.1.7.3085rc0

1.1.7.3087rc0

1.1.7.3089rc0

1.1.7.3091rc0

1.1.7.3093rc0

1.1.7.3095rc0

1.1.7.3098rc0

1.1.7.3108rc0

1.1.7.3131rc0

1.1.7.3133rc0

1.1.7.3144rc0

1.1.7.3146rc0

1.1.7.3148rc0

1.1.7.3150rc0

1.1.7.3152rc0

1.1.7.3172rc0

1.1.7.3175rc0

1.1.7.3177rc0

1.1.7.3179rc0

1.1.7.3196rc0

1.1.7.3207rc0

1.1.7.3209rc0

1.1.7.3211rc0

1.1.7.3213rc0

1.1.7.3218rc0

1.1.7.3220rc0

1.1.7.3222rc0

1.1.7.3230rc0

1.1.7.3232rc0

1.1.7.3235rc0

1.1.7.3238rc0

1.1.7.3240rc0

1.1.7.3242rc0

1.1.7.3244rc0

1.1.7.3246rc0

1.1.7.3251rc0

1.1.7.3258rc0

1.1.7.3261rc0

1.1.7.3263rc0

1.1.7.3265rc0

1.1.7.3268rc0

1.1.7.3270rc0

1.1.7.3273rc0

1.1.7.3275rc0

1.1.7.3277rc0

1.1.7.3283rc0

1.1.7.3285rc0

1.1.7.3302rc0

1.1.7.3312rc0

1.1.7.3316rc0

1.1.8

1.1.8.3321rc0

1.1.8.3332rc0

1.1.8.3335rc0

1.1.8.3341rc0

1.1.8.3344rc0

1.1.8.3346rc0

1.1.8.3348rc0

1.1.8.3350rc0

1.1.8.3354rc0

1.1.8.3356rc0

1.1.8.3358rc0

1.1.8.3361rc0

1.1.8.3366rc0

1.1.8.3368rc0

1.1.9.3370rc0

1.1.9.3372rc0

1.1.9.3376rc0

1.1.9.3387rc0

1.1.9.3390rc0

1.1.9.3395rc0

1.1.9.3398rc0

1.1.9.3400rc0

1.1.9.3411rc0

1.1.9.3427rc0

1.1.9.3432rc0

1.1.9.3434rc0

1.1.9.3442rc0

1.1.9.3444rc0

1.1.9.3448rc0

1.1.9.3453rc0

1.1.9.3458rc0

1.1.9.3464rc0

1.1.9.3467rc0

2.*

2.0.0

2.0.0.4250rc0

2.0.0.4372rc0

2.0.0.4378rc0

2.0.0.4380rc0

2.0.0.4398rc0

2.0.0.4400rc0

2.0.0.4434rc0

2.0.0.4460rc0

2.0.0.4478rc0

2.0.0.4494rc0

2.0.0.4515rc0

2.0.0.4524rc0

2.0.0.4535rc0

2.0.0.4538rc0

2.0.0.4569rc0

2.0.0.4575rc0

2.0.0.4580rc0

2.0.0.4582rc0

2.0.0.4585rc0

2.0.0.4588rc0

2.0.0.4591rc0

2.0.0.4603rc0

2.0.0.4606rc0

2.0.0.4610rc0

2.0.1

2.0.1.4638rc0

2.0.1.4642rc0

2.0.1.4648rc0

2.0.1.4650rc0

2.0.1.4654rc0

2.0.1.4657rc0

2.0.1.4660rc0

2.0.1.4675rc0

2.0.1.4685rc0

2.0.1.4705rc0

2.0.1.4709rc0

2.0.1.4716rc0

2.0.1.4720rc0

2.0.1.4722rc0

2.0.1.4730rc0

2.0.1.4732rc0

2.0.1.4745rc0

2.0.1.4750rc0

2.0.1.4756rc0

2.0.1.4760rc0

2.0.1.4762rc0

2.0.1.4764rc0

2.0.1.4774rc0

2.0.1.4777rc0

2.0.1.4779rc0

2.0.1.4782rc0

2.0.1.4790rc0

2.0.1.4792rc0

2.1.0

2.1.0.4809rc0

2.1.0.4813rc0

2.1.0.4815rc0

2.1.0.4817rc0

2.1.0.4819rc0

2.1.0.4921rc0

2.1.0.4929rc0

2.1.0.4935rc0

2.1.0.4937rc0

2.1.0.4939rc0

2.1.0.4951rc0

2.1.0.4954rc0

2.1.0.4957rc0

2.1.0.4959rc0

2.1.0.4971rc0

2.1.0.4978rc0

2.1.0.4980rc0

2.1.0.4984rc0

2.1.0.4992rc0

2.1.0.4995rc0

2.1.0.4999rc0

2.1.0.5001rc0

2.1.0.5004rc0

2.1.0.5021rc0

2.1.0.5028rc0

2.1.0.5036rc0

2.1.0.5040rc0

2.1.0.5078rc0

2.1.0.5082rc0

2.1.0.5097rc0

2.1.1

2.1.1.5103rc0

2.1.1.5119rc0

2.1.1.5121rc0

2.1.1.5123rc0

2.1.1.5125rc0

2.1.1.5127rc0

2.1.1.5138rc0

2.1.2

2.1.2.5140rc0

2.1.2.5147rc0

2.1.2.5149rc0

2.1.2.5152rc0

2.1.2.5154rc0

2.1.2.5156rc0

2.1.2.5158rc0

2.1.2.5161rc0

2.1.2.5171rc0

2.1.2.5173rc0

2.1.2.5175rc0

2.1.2.5180rc0

2.1.2.5182rc0

2.1.2.5184rc0

2.1.2.5192rc0

2.1.2.5196rc0

2.1.2.5202rc0

2.1.2.5217rc0

2.1.2.5221rc0

2.1.2.5223rc0

2.1.2.5232rc0

2.1.2.5234rc0

2.1.2.5236rc0

2.1.2.5238rc0

2.1.2.5240rc0

2.2.0

2.2.0.5242rc0

2.2.0.5263rc0

2.2.0.5279rc0

2.2.0.5309rc0

2.2.0.5311rc0

2.3.0.5324rc0

2.3.0.5328rc0

2.3.0.5336rc0

2.3.0.5354rc0

2.3.0.5362rc0

2.3.0.5364rc0

2.3.0.5368rc0

2.3.0.5370rc0

2.3.0.5376rc0

2.3.0.5382rc0

2.3.0.5384rc0

2.3.0.5397rc0

2.3.0.5399rc0

2.3.0.5401rc0

2.3.0.5404rc0

2.3.0.5412rc0

2.3.0.5414rc0

2.3.0.5418rc0

2.3.0.5423rc0

2.3.0.5438rc0

2.3.0.5445rc0

2.3.0.5447rc0

2.3.0.5455rc0

2.3.0.5459rc0

2.3.0.5461rc0

2.3.0.5465rc0

2.3.0.5467rc0

2.3.0.5473rc0

2.3.0.5477rc0

2.3.0.5479rc0

2.3.0.5482rc0

2.3.0.5484rc0

2.3.0.5489rc0

2.3.0.5491rc0

2.3.0.5504rc0

2.3.0.5515rc0

2.3.0.5518rc0

2.3.0.5520rc0

2.3.0.5522rc0

2.3.0.5524rc0

2.3.0.5532rc0

2.3.0.5538rc0

2.3.0.5546rc0

2.3.0.5809rc0

2.3.1

2.3.1.5815rc0

2.3.1.5818rc0

2.3.1.5820rc0

2.3.2

2.3.2.5825rc0

2.3.2.5827rc0

2.3.2.5829rc0

2.3.2.5832rc0

2.3.2.5836rc0

2.3.2.5838rc0

2.3.2.5841rc0

2.3.2.5848rc0

2.3.2.5850rc0

2.3.2.5855rc0

2.3.2.5874rc0

2.3.2.5889rc0

2.3.2.5893rc0

2.3.2.5897rc0

2.3.2.5904rc0

2.3.2.5906rc0

2.3.2.5909rc0

2.3.2.5913rc0

2.3.2.5915rc0

2.3.2.5927rc0

2.3.2.5938rc0

2.3.2.5942rc0

2.3.2.5944rc0

2.3.2.5950rc0

2.3.2.5958rc0

2.3.2.5967rc0

2.3.2.5971rc0

2.4.0

2.4.0.5974rc0

2.4.0.5977rc0

2.4.0.5984rc0

2.4.0.5986rc0

2.4.0.5988rc0

2.4.0.5992rc0

2.4.0.5995rc0

2.4.0.5997rc0

2.4.0.5999rc0

2.4.0.6005rc0

2.4.0.6007rc0

2.4.0.6031rc0

2.4.0.6037rc0

2.4.0.6039rc0

2.4.0.6045rc0

2.4.0.6050rc0

2.4.0.6067rc0

2.4.0.6073rc0

2.4.1

2.4.1.6075rc0

2.4.1.6077rc0

2.4.1.6089rc0

2.4.1.6094rc0

2.4.1.6095rc0

2.4.1.6100rc0

2.4.1.6107rc0

2.4.2

2.4.2.6109rc0

2.4.2.6590rc0

2.4.2.6596rc0

2.4.2.6608rc0

2.4.2.6611rc0

2.4.2.6615rc0

2.4.2.6621rc0

2.4.2.6623rc0

2.4.2.6635rc0

2.4.2.6638rc0

2.4.2.6653rc0

2.4.2.6655rc0

2.4.2.6659rc0

2.4.2.6677rc0

2.4.2.6706rc0

2.5.0

2.5.0.6715rc0

2.5.0.6719rc0

2.5.0.6721rc0

2.5.0.6730rc0

2.5.0.6734rc0

2.5.0.6737rc0

2.5.0.6742rc0

2.5.0.6747rc0

2.5.0.6765rc0

2.5.0.6769rc0

2.5.0.6773rc0

2.5.0.6779rc0

2.5.0.6782rc0

2.5.0.6790rc0

2.5.0.6803rc0

2.5.0.6807rc0

2.5.0.6817rc0

2.5.0.6831rc0

2.6.0

2.6.0.6840rc0

2.6.0.6842rc0

2.6.0.6846rc0

2.6.0.6851rc0

2.6.0.6853rc0

2.6.0.6856rc0

2.6.0.6871rc0

2.6.0.6879rc0

2.6.1

2.6.1.6901rc0

2.6.1.6913rc0

2.6.1.6915rc0

2.7.0

2.7.0.6919rc0

2.7.0.6925rc0

2.7.0.6930rc0

2.7.0.6932rc0

2.7.0.6948rc0

2.7.0.6962rc0

2.7.0.6989rc0

2.7.0.6995rc0

2.7.0.7002rc0

2.7.0.7010rc0

2.7.0.7014rc0

2.7.0.7023rc0

2.7.0.7027rc0

2.7.0.7090rc0

2.7.0.7092rc0

2.7.0.7094rc0

2.7.0.7096rc0

2.7.0.7098rc0

2.7.0.7100rc0

2.7.0.7108rc0

2.7.0.7112rc0

2.7.0.7116rc0

2.7.0.7136rc0

2.7.1

2.7.1.7141rc0

2.7.1.7149rc0

2.7.1.7151rc0

2.7.1.7153rc0

2.7.1.7159rc0

2.7.1.7167rc0

2.7.1.7169rc0

2.7.1.7175rc0

2.7.1.7198rc0

2.7.1.7202rc0

2.7.1.7207rc0

2.7.1.7212rc0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-p3v4-c93g-cmhw/GHSA-p3v4-c93g-cmhw.json"

last_known_affected_version_range

"< 2.7.0"