Lucene search

GoogleOSV:CVE-2024-34084

HistoryMay 07, 2024 - 3:15 p.m.

CVE-2024-34084

2024-05-0715:15:09

Google

osv.dev

minder

handlegithubwebhook

denial of service

untrusted

http request

vulnerability

controlplane

fix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Minder’s HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to HandleGithubWebhook to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.

CPENameOperatorVersion
mindereq0.0.24
mindereq0.0.18
mindereq0.0.16
mindereq0.0.20
mindereq0.0.26
mindereq0.0.28
mindereq0.0.45
mindereq0.0.27
mindereq0.0.10
mindereq0.0.41

Name	Operator	Version
minder	eq	0.0.24
minder	eq	0.0.18
minder	eq	0.0.16
minder	eq	0.0.20
minder	eq	0.0.26
minder	eq	0.0.28
minder	eq	0.0.45
minder	eq	0.0.27
minder	eq	0.0.10
minder	eq	0.0.41

Rows per page:

1-10 of 471

References

github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d

github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for OSV:CVE-2024-34084