Search

Find a vulnerability

Search criteria

    2 vulnerabilities by bullfrogsec

    CVE-2025-47775 (GCVE-0-2025-47775)

    Vulnerability from nvd – Published: 2025-05-14 15:18 – Updated: 2025-05-14 15:42
    VLAI
    Title
    Bullfrog's DNS over TCP bypasses domain filtering
    Summary
    Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    Impacted products
    Vendor Product Version
    bullfrogsec bullfrog Affected: < 0.8.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T15:42:37.896447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-14T15:42:42.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bullfrog",
              "vendor": "bullfrogsec",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-14T15:18:37.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3"
            },
            {
              "name": "https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671"
            },
            {
              "name": "https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4"
            }
          ],
          "source": {
            "advisory": "GHSA-m32f-fjw2-37v3",
            "discovery": "UNKNOWN"
          },
          "title": "Bullfrog\u0027s DNS over TCP bypasses domain filtering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-47775",
        "datePublished": "2025-05-14T15:18:37.058Z",
        "dateReserved": "2025-05-09T19:49:35.619Z",
        "dateUpdated": "2025-05-14T15:42:42.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47775 (GCVE-0-2025-47775)

    Vulnerability from cvelistv5 – Published: 2025-05-14 15:18 – Updated: 2025-05-14 15:42
    VLAI
    Title
    Bullfrog's DNS over TCP bypasses domain filtering
    Summary
    Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-201 - Insertion of Sensitive Information Into Sent Data
    Assigner
    Impacted products
    Vendor Product Version
    bullfrogsec bullfrog Affected: < 0.8.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-14T15:42:37.896447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-14T15:42:42.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "bullfrog",
              "vendor": "bullfrogsec",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.8.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-201",
                  "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-14T15:18:37.058Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/security/advisories/GHSA-m32f-fjw2-37v3"
            },
            {
              "name": "https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/commit/ae7744ae4b3a6f8ffc2e49f501e30bf1a43d4671"
            },
            {
              "name": "https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/bullfrogsec/bullfrog/releases/tag/v0.8.4"
            }
          ],
          "source": {
            "advisory": "GHSA-m32f-fjw2-37v3",
            "discovery": "UNKNOWN"
          },
          "title": "Bullfrog\u0027s DNS over TCP bypasses domain filtering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-47775",
        "datePublished": "2025-05-14T15:18:37.058Z",
        "dateReserved": "2025-05-09T19:49:35.619Z",
        "dateUpdated": "2025-05-14T15:42:42.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }