Lucene search
RedHatRHSA-2024:3920HistoryJun 13, 2024 - 11:01 a.m.
(RHSA-2024:3920) Important: Migration Toolkit for Runtimes security, bug fix and enhancement update
2024-06-1311:01:17
access.redhat.com
6
migration toolkit
runtimes
security
bug fix
enhancement
update
axios
follow-redirects
commons-configuration2
webpack-dev-middleware
cvss score
unix
cve page.
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
7.1
Confidence
Low
Migration Toolkit for Runtimes 1.2.6 ZIP artifacts
Security Fix(es):
- axios: exposure of confidential data stored in cookies (CVE-2023-45857)
- follow-redirects: Possible credential leak (CVE-2024-28849)
- commons-configuration2: various flaws (CVE-2024-29131)
- commons-configuration2: various flaws (CVE-2024-29133)
- webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
openvas
openvas
Apache Commons Configuration 2.0.x < 2.10.1 Multiple Vulnerabilities
2024-03-21 00:00:00
Fedora: Security Advisory for apache-commons-configuration (FEDORA-2024-fa7b758114)
2024-04-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1365-1)
2024-05-07 00:00:00
nessus
nessus
ibm
ibm
fedora
fedora
[SECURITY] Fedora 39 Update: apache-commons-configuration-2.10.1-1.fc39
2024-03-30 01:10:55
[SECURITY] Fedora 40 Update: apache-commons-configuration-2.10.1-1.fc40
2024-03-29 04:11:00
[SECURITY] Fedora 40 Update: pgadmin4-8.4-2.fc40
2024-03-23 00:52:38
vulnrichment
vulnrichment
github
github
cvelist
cvelist
cve
cve
osv
osv
Path traversal in webpack-dev-middleware
2024-03-21 18:59:28
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
2024-03-21 09:31:14
CVE-2024-29180
2024-03-21 17:15:09
veracode
veracode
Path Traversal
2024-03-27 13:47:44
Out-of-Bounds Write
2024-03-22 06:49:33
Out-of-Bounds Write
2024-03-22 05:11:58
nvd
nvd
redhatcve
redhatcve
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Axios
2023-10-26 04:18:03
Exploit for CVE-2023-45857
2023-10-18 12:19:34
Exploit for Cross-Site Request Forgery (CSRF) in Axios
2023-11-24 22:42:56
cgr
cgr
CVE-2023-45857 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29131 vulnerabilities
2024-05-19 03:07:16
CVE-2024-29133 vulnerabilities
2024-05-19 03:07:16
cnvd
cnvd
Apache Commons Configuration Out-of-Bounds Write Vulnerability
2024-03-26 00:00:00
atlassian
atlassian
debiancve
debiancve
wolfi
wolfi
CVE-2024-29131 vulnerabilities
2024-09-07 21:13:09
CVE-2024-29133 vulnerabilities
2024-09-07 21:13:09
CVE-2024-28849 vulnerabilities
2024-09-07 21:13:09
cbl_mariner
cbl_mariner
CVE-2024-28849 affecting package reaper for versions less than 3.1.1-9
2024-06-06 19:53:22
ubuntucve
ubuntucve
CVE-2023-45857
2023-11-08 00:00:00
CVE-2024-28849
2024-03-14 00:00:00
prion
prion
Design/Logic Flaw
2023-11-08 21:15:00
redhat
redhat
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
7.1
Confidence
Low
Related for RHSA-2024:3920