Lucene search

K
redhatcveRedhat.comRH:CVE-2024-6257
HistoryJun 25, 2024 - 7:21 p.m.

CVE-2024-6257

2024-06-2519:21:11
redhat.com
access.redhat.com
9
cve-2024-6257
hashicorp
go-getter library
arbitrary code execution
git update
maliciously modified git configuration

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0

Percentile

9.1%

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution.

CVSS3

8.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

Low

EPSS

0

Percentile

9.1%