Insertion of Sensitive Information Into Sent Data

CVE-2025-47775

Medium

6.2/10

Summary

Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-201 - Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

References

Advisory Timeline

Published May 14, 2025

Insertion of Sensitive Information Into Sent Data

CVE-2025-47775

Summary

CWE-201 - Insertion of Sensitive Information Into Sent Data

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS