redhatcve | Redhat.com | RH:CVE-2024-2243
History: Apr 09, 2024 - 9:59 a.m.

CVE-2024-2243

2024-04-09 09:59:46
redhat.com
access.redhat.com
csmock
vulnerability
unauthorized access
command execution
kerberos ticket
osh workers

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

AI Score: 7.6 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.7%)

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.
