Auth bypass in Finos Git-proxy
CVE-2025-54583
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow users to push to remote repositories while bypassing policies and explicit approvals. Since checks and…
Vulnerability class: Broken Access Control
EPSS: 0.002 (40.3th percentile)
Affected products
- Finos Git-proxy — versions < 1.19.2
Weakness classification (CWE)
References
- https://github.com/finos/git-proxy/security/advisories/GHSA-qr93-8wwf-22g4 (x_refsource_CONFIRM)
- https://github.com/finos/git-proxy/commit/a620a2f33c39c78e01783a274580bf822af3cc3a (x_refsource_MISC)
- https://github.com/finos/git-proxy/commit/bd2ecb2099cba21bca3941ee4d655d2eb887b3a9 (x_refsource_MISC)
- https://github.com/finos/git-proxy/releases/tag/v1.19.2 (x_refsource_MISC)