更新: 2933 个文件 - 2026-03-18 11:36:11

08-threat-intel/registry/triage/magento-open-source--d462b2a6cb.json

@@ -0,0 +1,12 @@
+{
+  "canonical_id": "magento-open-source--d462b2a6cb",
+  "system_id": "magento-open-source",
+  "title": "ConnectPOS leaked Github secrets for years   2026-01-12  Sansec discovered that ConnectPOS has been showing their Github credentials on their site for 4 years. This would enable attackers to slip malicious code into each of the thousands of ConnectPOS retail installations. Sansec recommends to verify integrity of installed code.   skimming   supply-chain   magento   connectpos   +2",
+  "reasons": [
+    "missing affected/fixed version details"
+  ],
+  "candidate_count": 1,
+  "references": [
+    "https://sansec.io/research/connectpos-github-token-exposure"
+  ]
+}