Lucene search

GoogleOSV:CVE-2024-29031

HistoryMar 21, 2024 - 11:15 p.m.

CVE-2024-29031

2024-03-2123:15:11

Google

osv.dev

meshery

cloud native

kubernetes

sql injection

vulnerability

remote attacker

sensitive information

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

Percentile

15.5%

JSON

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of GetMeshSyncResources. Version 0.7.17 contains a patch for this issue.

References

github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13

github.com/meshery/meshery/pull/10207

securitylab.github.com/advisories/GHSL-2023-249_Meshery/

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for OSV:CVE-2024-29031