cvelist / GitHub_M / CVELIST:CVE-2024-37163
History: Jun 07, 2024 - 4:09 p.m.

CVE-2024-37163 SkyScrape Secure API Requests

2024-06-07 16:09:07
CWE-319
GitHub_M
www.cve.org
Tags: skyscrape, gui, dashboard, api, insecure, http, requests, aws, infrastructure, resources, usage, costs, temporary credentials, data, vulnerabilities, version 1.0.0

CVSS3: 6.4 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

EPSS: 0.0004 Low
Percentile: 9.1%

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape’s API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user’s temporary credentials and data. This affects version 1.0.0.

CNA Affected

[
  {
    "vendor": "oslabs-beta",
    "product": "SkyScraper",
    "versions": [
      {
        "version": "= 1.0.0",
        "status": "affected"
      }
    ]
  }
]
