CVE-2024-1979

2024-03-1310:15:08

CWE-200

[email protected]

web.nvd.nist.gov

122

vulnerability

quarkus

git credentials

ci process

risk

nvd

cve-2024-1979

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus 3.2.11.Final",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-kubernetes-deployment",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.2.11.Final-redhat-00001",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:quarkus:3.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Quarkus",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "io.quarkus/quarkus-kubernetes-deployment",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:quarkus:2"
    ]
  }
]