CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
10.8%
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
[
{
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.11.2",
"versionType": "semver"
}
],
"packageName": "coredns",
"collectionURL": "https://github.com/coredns/coredns",
"defaultStatus": "unaffected"
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.13",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-coredns",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.14",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-coredns",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9",
"cpe:/a:redhat:openshift:4.14::el8"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.15",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-coredns-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.15.0-202407230407.p0.g1326282.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenShift Container Platform 4.16",
"collectionURL": "https://catalog.redhat.com/software/containers/",
"packageName": "openshift4/ose-coredns-rhel9",
"defaultStatus": "affected",
"versions": [
{
"version": "v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
]
},
{
"vendor": "Red Hat",
"product": "Logging Subsystem for Red Hat OpenShift",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openshift-logging/logging-loki-rhel8",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:logging:5"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "rhacm2/lighthouse-agent-rhel8",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:acm:2"
]
}
]
access.redhat.com/errata/RHSA-2024:0041
access.redhat.com/errata/RHSA-2024:4850
access.redhat.com/errata/RHSA-2024:6009
access.redhat.com/errata/RHSA-2024:6406
access.redhat.com/security/cve/CVE-2024-0874
bugzilla.redhat.com/show_bug.cgi?id=2219234
github.com/coredns/coredns/issues/6186
github.com/coredns/coredns/pull/6354
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
10.8%