NVD:CVE-2024-2243
History: Apr 10, 2024 - 11:15 a.m.

CVE-2024-2243

2024-04-10 11:15:49
CWE-78
web.nvd.nist.gov
csmock
unauthorized access
command execution
osh service
kerberos
snyk authentication token

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score: 7.6 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.7%)

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.
