CVE-2024-0874
PUBLISHED
A vulnerability exists in CoreDNS. The flaw is caused by an incorrectly implemented cache, which allows invalid cache entries to be returned. A remote, anonymous attacker can exploit this vulnerability to manipulate data.
EPSS 0.21% · 43.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat OpenShift Container Platform | <4.16.0 |
| Red Hat | Red Hat OpenShift Container Platform | <4.18.10 |
| Red Hat | Red Hat OpenShift Container Platform | <4.16.1 |
| SUSE | SUSE Linux | |
| Oracle | Oracle Linux | |
| Red Hat | Red Hat OpenShift Virtualization | <4.15.5 |
| Amazon | Amazon Linux 2 | |
| Red Hat | Red Hat OpenShift Kube Descheduler Operator 5 | |
| Red Hat | Red Hat OpenShift Run Once Duration Override Operator 1 | |
| Red Hat | Red Hat Ansible Automation Platform | |
| Red Hat | Red Hat Enterprise Linux | |
| Red Hat | Red Hat OpenShift Container Platform | <4.14.38 |
| Red Hat | Red Hat OpenShift Secondary Scheduler Operator | |
| Open Source | Open Source CoreDNS | <1.11.2 |
| Red Hat | Red Hat OpenShift Container Platform | <4.15.28 |
| Red Hat | Red Hat OpenShift Container Platform | <4.16.23 |
| Red Hat | Red Hat OpenShift API for Data Protection 1 | |
| Red Hat | Red Hat OpenShift Container Platform | <4.12.63 |
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 | |
| SUSE | SUSE openSUSE | |
…and 3 more
Exploit Intelligence
- CIRCL seen: CVE-2024-0874 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-0874 (circl-sighting)
- RHSA-2024:0041 (circl)
- RHSA-2024:4850 (circl)
- RHSA-2024:6009 (circl)
- RHSA-2024:6406 (circl)
- https://access.redhat.com/security/cve/CVE-2024-0874 (circl)
- RHBZ#2219234 (circl)
- https://github.com/coredns/coredns/issues/6186 (circl)
…and 1 more exploits
Timeline
- Feb 18, 2024 PoC Published
- Apr 25, 2024 CVE Published
- Apr 26, 2024 EPSS Score
- May 20, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 8, 2024 EPSS Score
- Aug 6, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
- Sep 12, 2024 CVE Updated
- Sep 24, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 18, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1030.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1030 advisory
- https://github.com/advisories/GHSA-m9w6-wp3h-vq8g advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-0874 advisory
- https://access.redhat.com/errata/RHSA-2024:6009 advisory
- https://access.redhat.com/errata/RHSA-2024:6406 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474 advisory
- https://access.redhat.com/errata/RHSA-2024:0040 advisory
- https://access.redhat.com/errata/RHSA-2024:0041 advisory
- https://access.redhat.com/errata/RHSA-2024:0043 advisory
- https://access.redhat.com/errata/RHSA-2024:0045 advisory
- https://access.redhat.com/errata/RHSA-2024:3637 advisory
- https://access.redhat.com/errata/RHSA-2024:3617 advisory
- https://access.redhat.com/errata/RHSA-2024:1616 advisory
- https://errata.build.resf.org/RLSA-2024:3968 advisory
- https://access.redhat.com/errata/RHSA-2024:4150 advisory
- https://access.redhat.com/errata/RHSA-2024:4159 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929 advisory
…and 53 more