CVE-2024-37904

{"id": "CVE-2024-37904", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-06-18T17:15:52.337", "references": [{"url": "https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89", "source": "security-advisories@github.com"}, {"url": "https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62", "source": "security-advisories@github.com"}, {"url": "https://github.com/stacklok/minder/commit/7979b43", "source": "security-advisories@github.com"}, {"url": "https://github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666", "source": "security-advisories@github.com"}, {"url": "https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L55-L89", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/stacklok/minder/blob/85985445c8ac3e51f03372e99c7b2f08a6d274aa/internal/providers/git/git.go#L56-L62", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/stacklok/minder/commit/7979b43", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the `github.com/go-git/go-git/v5` library on lines `L55-L89`. The Git provider does the following on the lines `L56-L62`. First, it sets the `CloneOptions`, specifying the url, the depth etc. It then validates the options. It then sets up an in-memory filesystem, to which it clones and Finally, it clones the repository. The `(g *Git) Clone()` method is vulnerable to a DoS attack: A Minder user can instruct Minder to clone a large repository which will exhaust memory and crash the Minder server. The root cause of this vulnerability is a combination of the following conditions: 1. Users can control the Git URL which Minder clones, 2. Minder does not enforce a size limit to the repository, 3. Minder clones the entire repository into memory. This issue has been addressed in commit `7979b43` which has been included in release version v0.0.52. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Minder es una plataforma de seguridad de la cadena de suministro de software de c\u00f3digo abierto. El proveedor Git de Minder es vulnerable a una denegaci\u00f3n de servicio desde un repositorio GitHub configurado maliciosamente. El proveedor de Git clona los repositorios de los usuarios utilizando la librer\u00eda `github.com/go-git/go-git/v5` en las l\u00edneas `L55-L89`. El proveedor de Git hace lo siguiente en las l\u00edneas \"L56-L62\". Primero, establece `CloneOptions`, especificando la URL, la profundidad, etc. Luego valida las opciones. Luego configura un sistema de archivos en memoria, al cual clona y, finalmente, clona el repositorio. El m\u00e9todo `(g *Git) Clone()` es vulnerable a un ataque DoS: un usuario de Minder puede indicarle a Minder que clone un repositorio grande que agotar\u00e1 la memoria y bloquear\u00e1 el servidor de Minder. La causa principal de esta vulnerabilidad es una combinaci\u00f3n de las siguientes condiciones: 1. Los usuarios pueden controlar la URL de Git que Minder clona, 2. Minder no impone un l\u00edmite de tama\u00f1o al repositorio, 3. Minder clona todo el repositorio en la memoria. Este problema se solucion\u00f3 en el commit `7979b43` que se incluy\u00f3 en la versi\u00f3n v0.0.52. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-11-21T09:24:30.433", "sourceIdentifier": "security-advisories@github.com"}