Lucene search

ChainguardCHAINGUARD:CVE-2024-24557

HistoryMay 14, 2024 - 3:38 p.m.

CVE-2024-24557 vulnerabilities

2024-05-1415:38:38

Chainguard

packages.cgr.dev

cve-2024-24557

vulnerabilities

software packages

prometheus

cosign-fips

istio-pilot-agent-1.21

istio-operator-1.20

filebeat

falcoctl

cert-manager-fips-1.13

telegraf-1.26

traefik

buildkitd

kots

newrelic-infrastructure-agent

istio-pilot-discovery-fips-1.19

ko-fips

timoni

kubeflow-katib

datadog-agent

goreleaser

cri-tools

flux-helm-controller

helm

aactl

skaffold

helm-operator

gitsign

prometheus-fips-2.45

argo-workflows

ctop

docker-credential-gcr

cadvisor

pulumi

kyverno

trivy

helm-operator-fips

dagger

policy-controller-fips

falcoctl-fips-0.4

istio-fips-1.20

cosign

guac

k3s

kubescape

helm-fips

kubevela

zarf

tekton-chains

skopeo

falcoctl-fips

tekton-pipelines

scorecard

crane

k8sgpt

flux-image-reflector-controller

policy-controller

eksctl

zot

loki

kargo

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

20.7%

JSON

Vulnerabilities for packages: helm-operator-fips, cert-manager, pulumi, istio-operator, k8sgpt, trivy, dagger, bom, tekton-pipelines, telegraf, filebeat-fips, kargo, cosign, falcoctl-fips, traefik-fips, skaffold, istio-pilot-agent-fips, helm-operator, flux-helm-controller, kubevela, kots, kyverno, docker-credential-gcr, loki, prometheus, cri-tools, nerdctl, istio-pilot-agent, k9s, slsa-verifier, timoni, ko-fips, aactl, newrelic-infrastructure-agent, ctop, helm, buildkitd, policy-controller, traefik, up, tekton-chains, gitlab-runner, cert-manager-fips, kubeflow-katib, istio-pilot-discovery, istio-fips, datadog-agent, cosign-fips, argo-workflows, gitsign, datadog-agent-fips, falco, falcoctl, kubescape, zarf, prometheus-fips, crane, scorecard, argo-workflows-fips, filebeat, goreleaser, k3s, zot, cadvisor, flux-image-reflector-controller, policy-controller-fips, istio-pilot-discovery-fips, eksctl, skopeo, helm-fips, guac, istio-operator-fips

CPENameOperatorVersion
argo-workflows-fipsle3.5.5-r3
cert-managerle1.12.9-r2
cert-managerle1.13.5-r1
cert-manager-fipsle1.12.9-r1
cert-manager-fipsle1.13.5-r1
cert-manager-fipsle1.14.4-r1
cosign-fipsle2.2.3-r4
datadog-agent-fipsle7.51.1-r3
falcoctl-fipsle0.4.0-r5
falcoctl-fipsle0.7.3-r5

Name	Operator	Version
argo-workflows-fips	le	3.5.5-r3
cert-manager	le	1.12.9-r2
cert-manager	le	1.13.5-r1
cert-manager-fips	le	1.12.9-r1
cert-manager-fips	le	1.13.5-r1
cert-manager-fips	le	1.14.4-r1
cosign-fips	le	2.2.3-r4
datadog-agent-fips	le	7.51.1-r3
falcoctl-fips	le	0.4.0-r5
falcoctl-fips	le	0.7.3-r5