A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.
References
Configurations
No configuration.
History
10 Apr 2024, 13:23
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-10 11:15
Updated : 2024-04-10 13:23
NVD link : CVE-2024-2243
Mitre link : CVE-2024-2243
CVE.ORG link : CVE-2024-2243
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')