CVE-2024-37163

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:*:*:*:*:*:*:*

History

13 Nov 2024, 18:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.4~~	v2 : unknown v3 : 7.5
First Time		Opensourcelabs skyscraper Opensourcelabs
CPE		cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:::::::*
References	~~() https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j -~~	() https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j - Vendor Advisory
Summary		(es) SkyScrape es un panel GUI para la infraestructura de AWS y la gestión de recursos y costos de uso. Las solicitudes API de SkyScrape son actualmente solicitudes HTTP no seguras, lo que genera vulnerabilidades potenciales para las credenciales y datos temporales del usuario. Esto afecta a la versión 1.0.0.

07 Jun 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-07 17:15

Updated : 2024-11-13 18:42

NVD link : CVE-2024-37163

Mitre link : CVE-2024-37163

CVE.ORG link : CVE-2024-37163

JSON object : View

Products Affected

opensourcelabs

skyscraper

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2024-37163", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.6}]}, "published": "2024-06-07T17:15:51.230", "references": [{"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0."}, {"lang": "es", "value": "SkyScrape es un panel GUI para la infraestructura de AWS y la gesti\u00f3n de recursos y costos de uso. Las solicitudes API de SkyScrape son actualmente solicitudes HTTP no seguras, lo que genera vulnerabilidades potenciales para las credenciales y datos temporales del usuario. Esto afecta a la versi\u00f3n 1.0.0."}], "lastModified": "2024-11-13T18:42:25.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CC8F6A-7C12-4D4B-BDAD-3D3F6D3004D7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}