GoogleOSV:GHSA-7G97-7R3C-5CC6In Quarkus, git credentials could be inadvertently published
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.
References
access.redhat.com/errata/RHSA-2024:1662
access.redhat.com/security/cve/CVE-2024-1979
bugzilla.redhat.com/show_bug.cgi?id=2266690
github.com/quarkusio/quarkus
github.com/quarkusio/quarkus/commit/3a3b0d739222a2e476e085a955cfa090739f5924
github.com/quarkusio/quarkus/commit/5bc05ee35365a905f0e9e37f248c38688a81caaf
github.com/quarkusio/quarkus/issues/38055
nvd.nist.gov/vuln/detail/CVE-2024-1979
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
15.5%