Lucene search
MitreCVE-2024-36535HistoryJul 24, 2024 - 8:15 p.m.
CVE-2024-36535
2024-07-2420:15:04
CWE-284
mitre
web.nvd.nist.gov
25
meshery
v0.7.51
insecure permissions
data access
privilege escalation
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
9.4%
Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account’s token.
Related
nvd
nvd
CVE-2024-36535
2024-07-24 20:15:04
veracode
veracode
Improper Access Control
2024-07-25 03:10:50
vulnrichment
vulnrichment
CVE-2024-36535
2024-07-24 00:00:00
cvelist
cvelist
CVE-2024-36535
2024-07-24 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
9.4%
Related for CVE-2024-36535