Eleftherias

**Name of the Vulnerable Software and Affected Versions** Minder by Stacklok versions prior to the version that includes pull request 2941 **Description** A recent refactoring added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue allows for a data leak. **Recommendations** For versions prior to the patch in pull request 2941, revert prior to commit `5c381cf`, or roll forward past `2eb94e7` to resolve the issue. As a temporary workaround, consider restricting access to the affected SQL query until a patch is available.