PT-2025-52405 · Mintlify · Mintlify Platform
Kibty · Published 2025-12-18 · Updated 2025-12-21 · CVE-2025-67844
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mintlify Platform versions prior to 2025-11-15
Description
The GitHub Integration API in Mintlify Platform does not properly validate the repository owner and name fields during configuration. Remote attackers can potentially obtain sensitive repository metadata by providing repository owner and name values that do not belong to the GitHub App Installation ID of the user's organization. The affected endpoint is the GitHub Integration API; the vulnerable parameters are the repository owner and name fields.
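The missing check described above, sketched as a server-side validation. This is an added example, not Mintlify's code: the function names, session shape and `INSTALLATION_REPOS` data are hypothetical and constructed, and `listInstallationRepos` stands in for asking GitHub which repositories an installation can access.

```javascript
// Hypothetical integration-config check; not Mintlify's implementation.
// Constructed sample data: repositories each GitHub App installation can access.
const INSTALLATION_REPOS = new Map([
  [1001, ["acme/docs", "acme/api-reference"]],
  [2002, ["othercorp/internal-handbook"]],
]);

// Stand-in for the GitHub lookup (synchronous here so the example runs offline).
function listInstallationRepos(installationId) {
  return INSTALLATION_REPOS.get(installationId) ?? [];
}

// Loose syntactic guard (assumption): no slashes, whitespace or control characters.
const NAME_RE = /^[A-Za-z0-9._-]{1,100}$/;

// Accepts owner/name only if the repository is reachable through the
// installation bound to the caller's organization. The installation ID comes
// from the authenticated session, never from the request body.
function authorizeRepoConfig(session, body, listRepos = listInstallationRepos) {
  const { owner, name } = body ?? {};
  if (typeof owner !== "string" || typeof name !== "string" ||
      !NAME_RE.test(owner) || !NAME_RE.test(name)) {
    return { ok: false, status: 400, error: "invalid repository" };
  }
  const installationId = session?.org?.githubInstallationId;
  if (!Number.isInteger(installationId)) {
    return { ok: false, status: 403, error: "no GitHub installation" };
  }
  // GitHub owner and repository names are case-insensitive.
  const wanted = `${owner}/${name}`.toLowerCase();
  const allowed = listRepos(installationId).map((r) => r.toLowerCase());
  if (!allowed.includes(wanted)) {
    // Same answer whether or not the repository exists elsewhere, so the
    // response leaks nothing about repositories outside the installation.
    return { ok: false, status: 404, error: "repository not found" };
  }
  return { ok: true, repo: wanted };
}
```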
Recommendations
Update Mintlify Platform to version 2025-11-15 or later.
Affected Products
Mintlify Platform