Lucene search
Redhat.comRH:CVE-2024-6257HistoryJun 25, 2024 - 7:21 p.m.
CVE-2024-6257
2024-06-2519:21:11
redhat.com
access.redhat.com
1
cve-2024-6257
hashicorp
go-getter library
arbitrary code execution
git update
maliciously modified git configuration
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.
Related
nvd
nvd
CVE-2024-6257
2024-06-25 17:15:10
osv
osv
CGA-grwc-xwh5-vfhw
2024-06-26 12:04:24
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
2024-06-25 18:31:22
CGA-p58v-7jgp-wxgq
2024-06-26 12:04:27
cve
cve
CVE-2024-6257
2024-06-25 17:15:10
cvelist
cvelist
vulnrichment
vulnrichment
wolfi
wolfi
CVE-2024-6257 vulnerabilities
2024-06-28 15:21:31
github
github
debiancve
debiancve
CVE-2024-6257
2024-06-25 17:15:10
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for RH:CVE-2024-6257