Lucene search

Veracode Vulnerability DatabaseVERACODE:45866

HistoryMar 14, 2024 - 10:20 a.m.

Sensitive Information Disclosure

2024-03-1410:20:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

quarkus

kubernetes

git credentials

disclosure

continuous integration

metadata

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

io.quarkus, quarkus-kubernetes-deployment is vulnerable to Git Credentials Disclosure. The vulnerability due to a flaw in the continuous integration (CI) configuration, leading to the inadvertent publication of git credentials to the metadata annotation.

CPENameOperatorVersion
quarkus - kubernetes - vanilla - deploymentle3.7.2
quarkus - kubernetes - vanilla - deploymentle3.7.2

CPE	Name	Operator	Version
	quarkus - kubernetes - vanilla - deployment	le	3.7.2
	quarkus - kubernetes - vanilla - deployment	le	3.7.2

References

access.redhat.com/errata/RHSA-2024:1662

access.redhat.com/security/cve/CVE-2024-1979

bugzilla.redhat.com/show_bug.cgi?id=2266690

github.com/advisories/GHSA-7g97-7r3c-5cc6

github.com/quarkusio/quarkus/commit/3a3b0d739222a2e476e085a955cfa090739f5924

github.com/quarkusio/quarkus/commit/5bc05ee35365a905f0e9e37f248c38688a81caaf

github.com/quarkusio/quarkus/issues/38055

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:45866