GoogleOSV:GO-2024-3102OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
References
docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-http
docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html
github.com/open-telemetry/opentelemetry-collector#alpha
github.com/open-telemetry/opentelemetry-collector-contrib/commit/371bf6afbd7cfa3253fa1674f5444064e86ef0ac
github.com/open-telemetry/opentelemetry-collector-contrib/pull/34847
github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-prf6-xjxh-p698
github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/awsfirehosereceiver
github.com/open-telemetry/opentelemetry-collector-releases/pull/74
github.com/open-telemetry/opentelemetry-collector-releases/releases/tag/v0.108.0
github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-contrib
nvd.nist.gov/vuln/detail/CVE-2024-45043
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N