CVE-2024-21501
PUBLISHED
A vulnerability exists in Red Hat OpenShift. The flaw is in the container platform's sanitize-html package and allows enumeration of files on the system, including project dependencies, in order to gather details about the file system structure and dependencies of the target server. A remote, anonymous attacker can exploit this vulnerability to disclose confidential information.
Risk Scores
EPSS Score
1.81%
83.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HCL | HCL BigFix | |
| Fedora | Fedora Linux | |
| HCL | HCL BigFix Server Automation | |
Exploit Intelligence
- CIRCL seen: CVE-2024-21501 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-21501 (circl-sighting)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557 (nist-nvd)
- https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334 (nist-nvd)
- https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf (nist-nvd)
- https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EB5JPYRCTS64EA5AMV3INHDPI6I4AW7/ (circl)
…and 12 more exploits
Timeline
- Feb 23, 2024 PoC Published
- Feb 24, 2024 CVE Published
- Feb 24, 2024 EPSS Score
- Feb 24, 2024 PoC Published
- Feb 24, 2024 PoC Published
- Feb 26, 2024 PoC Published
- Mar 6, 2024 CVE Updated
- Mar 14, 2024 PoC Published
- Mar 22, 2024 EPSS Score
- May 14, 2024 EPSS Score
- Jun 10, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0902.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0902 advisory
- https://access.redhat.com/errata/RHSA-2024:1770 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2266111 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-af1f06c79c advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-b8e474fbd3 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3344.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3344 advisory
- https://support.hcl-software.com/community?id=community_blog&sys_id=e8e9f77b936dd6100dddf87d1dba103d advisory
- https://support.hcl-software.com/community?id=community_blog&sys_id=1af3c435fb2216d0db10f2797befdc15 advisory