Lucene search

Alpine Linux Development TeamALPINE:CVE-2024-20955

HistoryJan 16, 2024 - 10:15 p.m.

CVE-2024-20955

2024-01-1622:15:42

Alpine Linux Development Team

security.alpinelinux.org

oracle

graalvm

jdk

enterprise

unauthorized access

vulnerability

cvss 3.1

network access

confidentiality impacts

exploit

3.8 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchopenjdk17< 17.0.10_p7-r0UNKNOWN
Alpine3.16-communitynoarchopenjdk17< 17.0.10_p7-r0UNKNOWN
Alpine3.17-communitynoarchopenjdk17< 17.0.10_p7-r0UNKNOWN
Alpine3.18-communitynoarchopenjdk17< 17.0.10_p7-r0UNKNOWN
Alpine3.19-communitynoarchopenjdk17< 17.0.10_p7-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	openjdk17	< 17.0.10_p7-r0	UNKNOWN
Alpine	3.16-community	noarch	openjdk17	< 17.0.10_p7-r0	UNKNOWN
Alpine	3.17-community	noarch	openjdk17	< 17.0.10_p7-r0	UNKNOWN
Alpine	3.18-community	noarch	openjdk17	< 17.0.10_p7-r0	UNKNOWN
Alpine	3.19-community	noarch	openjdk17	< 17.0.10_p7-r0	UNKNOWN