Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2024-2700
🗓️ 05 Mar 2025 00:00:00Reported by This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus🔗 www.tenable.com👁 6 Views
| Reporter | Title | Published | Views | Family All 34 |
|---|---|---|---|---|
 | Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024. | 31 May 202410:42 | – | ibm |
| Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024. | 15 Apr 202502:38 | – | ibm |
| Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management | 8 Jul 202405:17 | – | ibm |
 | CVE-2024-2700 vulnerabilities | 4 Apr 202414:15 | – | cgr |
 | CVE-2024-2700 | 30 Aug 202510:23 | – | circl |
 | Quarkus 安全漏洞 | 4 Apr 202400:00 | – | cnnvd |
 | CVE-2024-2700 | 4 Apr 202413:46 | – | cve |
 | CVE-2024-2700 Quarkus-core: leak of local configuration properties into quarkus applications | 4 Apr 202413:46 | – | cvelist |
 | EUVD-2024-1194 | 3 Oct 202520:07 | – | euvd |
 | quarkus-core leaks local environment variables from Quarkus namespace during application's build | 4 Apr 202415:30 | – | github |
10
| Source | Link |
|---|---|
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(228128);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/05");
script_cve_id("CVE-2024-2700");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2024-2700");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from
the Quarkus namespace during the application's build, therefore, running the resulting application
inherits the values captured at build time. Some local environment variables may have been set by the
developer or CI environment for testing purposes, such as dropping the database during application startup
or trusting all TLS certificates to accept self-signed certificates. If these properties are configured
using environment variables or the .env facility, they are captured into the built application, which can
lead to dangerous behavior if the application does not override these values. This behavior only happens
for configuration properties from the `quarkus.*` namespace. Application-specific properties are not
captured. (CVE-2024-2700)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2700");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
script_require_ports("Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
"metadata": {
"spec_version": "1.0p"
},
"requires": [
{
"scope": "scan_config",
"match": {
"vendor_unpatched": true
}
},
{
"scope": "target",
"match": {
"os": "linux"
}
}
],
"report": {
"report_type": "unpatched"
},
"checks": [
{
"product": {
"name": "quarkus-core",
"type": "rpm_package"
},
"check_algorithm": "rpm",
"constraints": [
{
"requires": [
{
"scope": "target",
"match": {
"distro": "redhat"
}
},
{
"scope": "target",
"match": {
"os_version": "6"
}
}
]
}
]
}
]
};
var vdf_res = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result: vdf_res);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Mar 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.17
EPSS0.00044
SSVC