Veracode Vulnerability Database: VERACODE:46636
History: Apr 26, 2024 - 7:34 a.m.

Improper Cache Handling

2024-04-26 07:34:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: vulnerability, improper cache handling, github.com/coredns/coredns, cd bit, remote server, sensitive information cached, information disclosure, unauthorized access, software

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.5 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 15.7%)

github.com/coredns/coredns is vulnerable to Improper Cache Handling. The vulnerability is due to the CD (Checking Disabled) bit disabling validation in the remote server, which could allow an attacker to retrieve sensitive information that was cached erroneously, leading to information disclosure or unauthorized access.
