CVE-2024-2243

A vulnerability was found in csmock that allows a regular user of the OSH service (anyone with a valid Kerberos ticket) to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

Configurations

No configuration.

History

21 Nov 2024, 09:09

Type | Values Removed | Values Added
References | () https://access.redhat.com/security/cve/CVE-2024-2243 - | () https://access.redhat.com/security/cve/CVE-2024-2243 -
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2267336 - | () https://bugzilla.redhat.com/show_bug.cgi?id=2267336 -
Summary | | (es) A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and run arbitrary commands on OSH workers.

10 Apr 2024, 13:23

Type | Values Removed | Values Added
New CVE

Information

Published : 2024-04-10 11:15

Updated : 2024-11-21 09:09


NVD link : CVE-2024-2243

Mitre link : CVE-2024-2243

CVE.ORG link : CVE-2024-2243



Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')