Description

Infrahub offers a central hub to manage data, templates, and playbooks. Prior to versiond 1.3.9 and 1.4.5, a bug in the authentication logic will cause API tokens that were deleted and/or expired to be considered valid. This means that any API token that is associated with an active user account can authenticate successfully. This issue is fixed in versions 1.3.9 and 1.4.5. As a workaround, users can delete or deactivate the account associated with a deleted API token to prevent that token from authenticating.

INFO

Published Date :

2025-09-09T22:06:47.800Z

Last Modified :

2025-09-10T19:30:55.968Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59036 vulnerability.

Vendors Products
Opsmill
  • Infrahub
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59036.

URL Resource
https://github.com/opsmill/infrahub/security/advisories/GHSA-v2p7-4pv4-3wwh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact