Infrahub · Infrahub · CVE-2025-59036
Name of the Vulnerable Software and Affected Versions:
Infrahub versions prior to 1.3.9
Infrahub versions prior to 1.4.5
Description:
Infrahub provides a central hub for managing data, templates, and playbooks. A flaw in the authentication logic allows deleted or expired API tokens to be considered valid, enabling authentication with any API token associated with an active user account.
Recommendations:
For versions prior to 1.3.9, delete or deactivate the account associated with a deleted API token to prevent authentication.
For versions prior to 1.4.5, delete or deactivate the account associated with a deleted API token to prevent authentication.