GHSA-3mp7-vp6j-2mxx

Source
https://github.com/advisories/GHSA-3mp7-vp6j-2mxx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-3mp7-vp6j-2mxx/GHSA-3mp7-vp6j-2mxx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3mp7-vp6j-2mxx
Aliases
  • CVE-2026-12566
Published
2026-06-18T15:03:25Z
Modified
2026-06-18T15:17:19.029003510Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
Details

The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without validating it. An attacker in a man-in-the-middle position between bbot and a Docker registry could rewrite this header so that realm points at an arbitrary endpoint; bbot would then send its authentication request there, potentially leaking authentication tokens. Fixed in bbot 2.8.5.
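The flow described above, as an added Python example that is not code from bbot or from the advisory: it parses a Bearer challenge the way a registry client must, shows the vulnerable pattern of following realm exactly as received, and beside it one reasonable validation (https only, no userinfo in the URL, host must be the registry itself or on an explicit allow-list). The sample challenges are constructed, and the allow-list design and helper names are assumptions for illustration; the page does not describe how bbot 2.8.5 actually fixes the issue.

```python
"""Parsing and validating a Docker registry's WWW-Authenticate challenge.

Added illustration for GHSA-3mp7-vp6j-2mxx; this is NOT code from bbot's
docker_pull module, and the validation below is one possible mitigation,
not the project's actual fix.
"""
import re
from urllib.parse import urlencode, urlparse

# Constructed sample: the challenge shape Docker Hub sends for a pull.
SAMPLE_CHALLENGE = (
    'Bearer realm="https://auth.docker.io/token",'
    'service="registry.docker.io",scope="repository:library/alpine:pull"'
)

# Constructed sample: the same challenge after a man-in-the-middle rewrites
# the realm to a host it controls (attacker.example is a documentation name).
TAMPERED_CHALLENGE = (
    'Bearer realm="http://attacker.example/token",'
    'service="registry.docker.io",scope="repository:library/alpine:pull"'
)

# key=value pairs; values may be quoted (and then may contain commas) or bare.
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^",\s]+))')


def parse_www_authenticate(header: str) -> tuple[str, dict[str, str]]:
    """Split 'Scheme k1="v1",k2=v2' into (scheme, {k1: v1, k2: v2})."""
    scheme, _, rest = header.strip().partition(" ")
    params = {
        m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
        for m in _PARAM_RE.finditer(rest)
    }
    return scheme.lower(), params


def unsafe_token_endpoint(header: str) -> str:
    """The vulnerable pattern: trust whatever realm the peer sent."""
    _, params = parse_www_authenticate(header)
    return params["realm"]


def safe_token_endpoint(registry_host: str, header: str,
                        allowed_auth_hosts: frozenset[str] = frozenset()) -> str:
    """Return the realm only if it is an https URL whose host is the registry
    itself (registry_host: hostname without port) or an allow-listed auth host.

    Raises ValueError otherwise. The allow-list exists because some registries
    (Docker Hub, for one) legitimately hand out a realm on a different host.
    """
    scheme, params = parse_www_authenticate(header)
    if scheme != "bearer":
        raise ValueError(f"unsupported auth scheme: {scheme!r}")
    realm = params.get("realm", "")
    u = urlparse(realm)
    if u.scheme != "https":
        raise ValueError(f"realm must be https, got {realm!r}")
    host = (u.hostname or "").lower()
    # user@host tricks: urlparse puts the part before '@' in username, so the
    # real destination is u.hostname; reject anything carrying userinfo at all.
    if not host or u.username is not None or u.password is not None:
        raise ValueError(f"realm has no host or carries userinfo: {realm!r}")
    if host != registry_host.lower() and host not in allowed_auth_hosts:
        raise ValueError(f"realm host {host!r} is neither the registry nor allow-listed")
    return realm


def realm_is_acceptable(registry_host: str, header: str,
                        allowed_auth_hosts: frozenset[str] = frozenset()) -> bool:
    """Boolean form of safe_token_endpoint, handy in a scan loop that logs and skips."""
    try:
        safe_token_endpoint(registry_host, header, allowed_auth_hosts)
        return True
    except ValueError:
        return False


def token_request_url(realm: str, params: dict[str, str]) -> str:
    """Build the GET URL for the token endpoint from the challenge parameters."""
    query = {k: params[k] for k in ("service", "scope") if k in params}
    return f"{realm}?{urlencode(query)}" if query else realm


if __name__ == "__main__":
    print("vulnerable client would contact:", unsafe_token_endpoint(TAMPERED_CHALLENGE))
    print("hardened client accepts tampered realm:",
          realm_is_acceptable("registry-1.docker.io", TAMPERED_CHALLENGE,
                              frozenset({"auth.docker.io"})))
```

The allow-list is the part a deployer has to think about: Docker Hub's registry-1.docker.io sends a realm on auth.docker.io, so a strict same-host rule would break the most common registry, while an open-ended realm is exactly the SSRF the advisory describes. This check only narrows where a rewritten realm can send the token request; it does not substitute for verifying the registry's TLS certificate in the first place.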

Database specific
{
    "nvd_published_at": "2026-06-17T23:17:03Z",
    "github_reviewed_at": "2026-06-18T15:03:25Z",
    "github_reviewed": true,
    "severity": "LOW",
    "cwe_ids": [
        "CWE-20",
        "CWE-918"
    ]
}
References

Affected packages

PyPI / bbot

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.8.5

Affected versions

2.*
2.0.0
2.0.0.4250rc0
2.0.0.4372rc0
2.0.0.4378rc0
2.0.0.4380rc0
2.0.0.4398rc0
2.0.0.4400rc0
2.0.0.4434rc0
2.0.0.4460rc0
2.0.0.4478rc0
2.0.0.4494rc0
2.0.0.4515rc0
2.0.0.4524rc0
2.0.0.4535rc0
2.0.0.4538rc0
2.0.0.4569rc0
2.0.0.4575rc0
2.0.0.4580rc0
2.0.0.4582rc0
2.0.0.4585rc0
2.0.0.4588rc0
2.0.0.4591rc0
2.0.0.4603rc0
2.0.0.4606rc0
2.0.0.4610rc0
2.0.1
2.0.1.4638rc0
2.0.1.4642rc0
2.0.1.4648rc0
2.0.1.4650rc0
2.0.1.4654rc0
2.0.1.4657rc0
2.0.1.4660rc0
2.0.1.4675rc0
2.0.1.4685rc0
2.0.1.4705rc0
2.0.1.4709rc0
2.0.1.4716rc0
2.0.1.4720rc0
2.0.1.4722rc0
2.0.1.4730rc0
2.0.1.4732rc0
2.0.1.4745rc0
2.0.1.4750rc0
2.0.1.4756rc0
2.0.1.4760rc0
2.0.1.4762rc0
2.0.1.4764rc0
2.0.1.4774rc0
2.0.1.4777rc0
2.0.1.4779rc0
2.0.1.4782rc0
2.0.1.4790rc0
2.0.1.4792rc0
2.1.0
2.1.0.4809rc0
2.1.0.4813rc0
2.1.0.4815rc0
2.1.0.4817rc0
2.1.0.4819rc0
2.1.0.4921rc0
2.1.0.4929rc0
2.1.0.4935rc0
2.1.0.4937rc0
2.1.0.4939rc0
2.1.0.4951rc0
2.1.0.4954rc0
2.1.0.4957rc0
2.1.0.4959rc0
2.1.0.4971rc0
2.1.0.4978rc0
2.1.0.4980rc0
2.1.0.4984rc0
2.1.0.4992rc0
2.1.0.4995rc0
2.1.0.4999rc0
2.1.0.5001rc0
2.1.0.5004rc0
2.1.0.5021rc0
2.1.0.5028rc0
2.1.0.5036rc0
2.1.0.5040rc0
2.1.0.5078rc0
2.1.0.5082rc0
2.1.0.5097rc0
2.1.1
2.1.1.5103rc0
2.1.1.5119rc0
2.1.1.5121rc0
2.1.1.5123rc0
2.1.1.5125rc0
2.1.1.5127rc0
2.1.1.5138rc0
2.1.2
2.1.2.5140rc0
2.1.2.5147rc0
2.1.2.5149rc0
2.1.2.5152rc0
2.1.2.5154rc0
2.1.2.5156rc0
2.1.2.5158rc0
2.1.2.5161rc0
2.1.2.5171rc0
2.1.2.5173rc0
2.1.2.5175rc0
2.1.2.5180rc0
2.1.2.5182rc0
2.1.2.5184rc0
2.1.2.5192rc0
2.1.2.5196rc0
2.1.2.5202rc0
2.1.2.5217rc0
2.1.2.5221rc0
2.1.2.5223rc0
2.1.2.5232rc0
2.1.2.5234rc0
2.1.2.5236rc0
2.1.2.5238rc0
2.1.2.5240rc0
2.2.0
2.2.0.5242rc0
2.2.0.5263rc0
2.2.0.5279rc0
2.2.0.5309rc0
2.2.0.5311rc0
2.3.0.5324rc0
2.3.0.5328rc0
2.3.0.5336rc0
2.3.0.5354rc0
2.3.0.5362rc0
2.3.0.5364rc0
2.3.0.5368rc0
2.3.0.5370rc0
2.3.0.5376rc0
2.3.0.5382rc0
2.3.0.5384rc0
2.3.0.5397rc0
2.3.0.5399rc0
2.3.0.5401rc0
2.3.0.5404rc0
2.3.0.5412rc0
2.3.0.5414rc0
2.3.0.5418rc0
2.3.0.5423rc0
2.3.0.5438rc0
2.3.0.5445rc0
2.3.0.5447rc0
2.3.0.5455rc0
2.3.0.5459rc0
2.3.0.5461rc0
2.3.0.5465rc0
2.3.0.5467rc0
2.3.0.5473rc0
2.3.0.5477rc0
2.3.0.5479rc0
2.3.0.5482rc0
2.3.0.5484rc0
2.3.0.5489rc0
2.3.0.5491rc0
2.3.0.5504rc0
2.3.0.5515rc0
2.3.0.5518rc0
2.3.0.5520rc0
2.3.0.5522rc0
2.3.0.5524rc0
2.3.0.5532rc0
2.3.0.5538rc0
2.3.0.5546rc0
2.3.0.5809rc0
2.3.1
2.3.1.5815rc0
2.3.1.5818rc0
2.3.1.5820rc0
2.3.2
2.3.2.5825rc0
2.3.2.5827rc0
2.3.2.5829rc0
2.3.2.5832rc0
2.3.2.5836rc0
2.3.2.5838rc0
2.3.2.5841rc0
2.3.2.5848rc0
2.3.2.5850rc0
2.3.2.5855rc0
2.3.2.5874rc0
2.3.2.5889rc0
2.3.2.5893rc0
2.3.2.5897rc0
2.3.2.5904rc0
2.3.2.5906rc0
2.3.2.5909rc0
2.3.2.5913rc0
2.3.2.5915rc0
2.3.2.5927rc0
2.3.2.5938rc0
2.3.2.5942rc0
2.3.2.5944rc0
2.3.2.5950rc0
2.3.2.5958rc0
2.3.2.5967rc0
2.3.2.5971rc0
2.4.0
2.4.0.5974rc0
2.4.0.5977rc0
2.4.0.5984rc0
2.4.0.5986rc0
2.4.0.5988rc0
2.4.0.5992rc0
2.4.0.5995rc0
2.4.0.5997rc0
2.4.0.5999rc0
2.4.0.6005rc0
2.4.0.6007rc0
2.4.0.6031rc0
2.4.0.6037rc0
2.4.0.6039rc0
2.4.0.6045rc0
2.4.0.6050rc0
2.4.0.6067rc0
2.4.0.6073rc0
2.4.1
2.4.1.6075rc0
2.4.1.6077rc0
2.4.1.6089rc0
2.4.1.6094rc0
2.4.1.6095rc0
2.4.1.6100rc0
2.4.1.6107rc0
2.4.2
2.4.2.6109rc0
2.4.2.6590rc0
2.4.2.6596rc0
2.4.2.6608rc0
2.4.2.6611rc0
2.4.2.6615rc0
2.4.2.6621rc0
2.4.2.6623rc0
2.4.2.6635rc0
2.4.2.6638rc0
2.4.2.6653rc0
2.4.2.6655rc0
2.4.2.6659rc0
2.4.2.6677rc0
2.4.2.6706rc0
2.5.0
2.5.0.6715rc0
2.5.0.6719rc0
2.5.0.6721rc0
2.5.0.6730rc0
2.5.0.6734rc0
2.5.0.6737rc0
2.5.0.6742rc0
2.5.0.6747rc0
2.5.0.6765rc0
2.5.0.6769rc0
2.5.0.6773rc0
2.5.0.6779rc0
2.5.0.6782rc0
2.5.0.6790rc0
2.5.0.6803rc0
2.5.0.6807rc0
2.5.0.6817rc0
2.5.0.6831rc0
2.6.0
2.6.0.6840rc0
2.6.0.6842rc0
2.6.0.6846rc0
2.6.0.6851rc0
2.6.0.6853rc0
2.6.0.6856rc0
2.6.0.6871rc0
2.6.0.6879rc0
2.6.1
2.6.1.6901rc0
2.6.1.6913rc0
2.6.1.6915rc0
2.7.0
2.7.0.6919rc0
2.7.0.6925rc0
2.7.0.6930rc0
2.7.0.6932rc0
2.7.0.6948rc0
2.7.0.6962rc0
2.7.0.6989rc0
2.7.0.6995rc0
2.7.0.7002rc0
2.7.0.7010rc0
2.7.0.7014rc0
2.7.0.7023rc0
2.7.0.7027rc0
2.7.0.7090rc0
2.7.0.7092rc0
2.7.0.7094rc0
2.7.0.7096rc0
2.7.0.7098rc0
2.7.0.7100rc0
2.7.0.7108rc0
2.7.0.7112rc0
2.7.0.7116rc0
2.7.0.7136rc0
2.7.1
2.7.1.7141rc0
2.7.1.7149rc0
2.7.1.7151rc0
2.7.1.7153rc0
2.7.1.7159rc0
2.7.1.7167rc0
2.7.1.7169rc0
2.7.1.7175rc0
2.7.1.7198rc0
2.7.1.7202rc0
2.7.1.7207rc0
2.7.1.7212rc0
2.7.2
2.7.2.7226rc0
2.7.2.7236rc0
2.7.2.7238rc0
2.7.2.7244rc0
2.7.2.7254rc0
2.7.2.7256rc0
2.7.2.7269rc0
2.7.2.7271rc0
2.7.2.7278rc0
2.7.2.7284rc0
2.7.2.7286rc0
2.7.2.7288rc0
2.7.2.7298rc0
2.7.2.7303rc0
2.7.2.7311rc0
2.7.2.7319rc0
2.7.2.7324rc0
2.7.2.7334rc0
2.7.2.7337rc0
2.7.2.7342rc0
2.7.2.7353rc0
2.7.2.7355rc0
2.7.2.7361rc0
2.7.2.7364rc0
2.7.2.7367rc0
2.7.2.7369rc0
2.7.2.7379rc0
2.7.2.7381rc0
2.7.2.7383rc0
2.7.2.7388rc0
2.7.2.7396rc0
2.7.2.7400rc0
2.7.2.7406rc0
2.7.2.7410rc0
2.7.2.7412rc0
2.7.2.7414rc0
2.7.2.7418rc0
2.7.2.7424rc0
2.7.2.7426rc0
2.7.2.7428rc0
2.7.2.7439rc0
2.8.0
2.8.0.7448rc0
2.8.0.7450rc0
2.8.0.7452rc0
2.8.0.7459rc0
2.8.1
2.8.1.7464rc0
2.8.1.7470rc0
2.8.1.7477rc0
2.8.2
2.8.2.7481rc0
2.8.2.7483rc0
2.8.2.7485rc0
2.8.2.7495rc0
2.8.2.7498rc0
2.8.2.7503rc0
2.8.2.7505rc0
2.8.2.7508rc0
2.8.2.7516rc0
2.8.3
2.8.3.7522rc0
2.8.3.7533rc0
2.8.3.7535rc0
2.8.3.7546rc0
2.8.3.7550rc0
2.8.3.7553rc0
2.8.3.7555rc0
2.8.4
2.8.4.7557rc0
2.8.4.7559rc0
2.8.4.7575rc0
2.8.4.7578rc0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-3mp7-vp6j-2mxx/GHSA-3mp7-vp6j-2mxx.json"
last_known_affected_version_range
"<= 2.8.4"