Lucene search

[email protected]CVE-2024-34079

HistoryMay 14, 2024 - 3:38 p.m.

CVE-2024-34079

2024-05-1415:38:29

CWE-400

[email protected]

web.nvd.nist.gov

cve-2024-34079

github app

security token service (sts)

denial of service

nvd

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0

References

github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57

github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

7 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.7%

JSON

Related for CVE-2024-34079

cvelist1 veracode1 github1 osv3