Lucene search

RedhatVULNRICHMENT:CVE-2024-1979

HistoryMar 13, 2024 - 9:41 a.m.

CVE-2024-1979 Quarkus: information leak in annotation

2024-03-1309:41:25

CWE-200

redhat

github.com

quarkus

vulnerability

gitcredentials

ciprocess

informationleak

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

References

access.redhat.com/errata/RHSA-2024:1662

access.redhat.com/security/cve/CVE-2024-1979

bugzilla.redhat.com/show_bug.cgi?id=2266690

github.com/quarkusio/quarkus/issues/38055

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1979