GitHub Advisory DatabaseGHSA-7G97-7R3C-5CC6In Quarkus, git credentials could be inadvertently published
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.quarkus:quarkus-kubernetes-deployment | lt | 3.7.3 |
References
access.redhat.com/errata/RHSA-2024:1662
access.redhat.com/security/cve/CVE-2024-1979
bugzilla.redhat.com/show_bug.cgi?id=2266690
github.com/advisories/GHSA-7g97-7r3c-5cc6
github.com/quarkusio/quarkus/commit/3a3b0d739222a2e476e085a955cfa090739f5924
github.com/quarkusio/quarkus/commit/5bc05ee35365a905f0e9e37f248c38688a81caaf
github.com/quarkusio/quarkus/issues/38055
nvd.nist.gov/vuln/detail/CVE-2024-1979
Related
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%