CVE-2024-34079

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. This vulnerability can spike the resource utilization of the STS service and, combined with a significant traffic volume, could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0.
Configurations

No configuration.

History

21 Nov 2024, 09:18

Type | Values Removed | Values Added
Summary | | (es) octo-sts is a GitHub App that acts as a Security Token Service (STS) for the GitHub API. This vulnerability can increase the resource utilization of the STS service and, combined with a significant traffic volume, could lead to a denial of service. This vulnerability was fixed in 0.1.0.
References | https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57 | https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57
References | https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq | https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq

14 May 2024, 15:38

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-05-14 15:38

Updated : 2024-11-21 09:18


NVD link : CVE-2024-34079

Mitre link : CVE-2024-34079

CVE.ORG link : CVE-2024-34079


Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption