CVE-2024-28110 — Vulnetix

CVE-2024-28110 PUBLISHED

Es existiert eine Schwachstelle in Red Hat OpenShift Serverless. Der Fehler besteht, weil Angreifer offengelegte Anmeldeinformationen in der Komponente cloudevents/sdk-go abfangen und missbrauchen können. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.

EPSS 0.14% · 33.4th percentile

Risk Scores

EPSS Score

0.14%

33.4th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat OpenShift Serverless <1.32.0
RESF	RESF Rocky Linux
Red Hat	Red Hat OpenShift Virtualization <4.15.5
Red Hat	Red Hat Ansible Automation Platform
Red Hat	Red Hat OpenShift API for Data Protection 1
Red Hat	Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat	Red Hat OpenShift Kube Descheduler Operator 5
Red Hat	Red Hat OpenShift Run Once Duration Override Operator 1
SUSE	SUSE Linux
Red Hat	Red Hat Enterprise Linux
Red Hat	Red Hat OpenShift Secondary Scheduler Operator
Red Hat	Red Hat OpenShift Container Platform <4.14.38
Red Hat	Red Hat OpenShift Container Platform <4.16.23
SUSE	SUSE openSUSE
Red Hat	Red Hat OpenShift Container Platform <4.16.0
Amazon	Amazon Linux 2
Red Hat	Red Hat OpenShift Container Platform <4.16.1
Red Hat	Red Hat OpenShift Container Platform <4.15.28
Oracle	Oracle Linux
Fedora	Fedora Linux

…and 3 more

Exploit Intelligence

CIRCL seen: CVE-2024-28110 (circl-sighting)
CIRCL seen: CVE-2024-28110 (circl-sighting)
CIRCL seen: CVE-2024-28110 (circl-sighting)
https://github.com/cloudevents/sdk-go/security/advisories/GHSA-5pf6-2qwx-pxm2 (circl)
https://github.com/cloudevents/sdk-go/commit/de2f28370b0d2a0f64f92c0c6139fa4b8a7c3851 (circl)
https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110 (circl)

Timeline

Jan 21, 1970 Security Advisory
Mar 6, 2024 CVE Published
Mar 6, 2024 PoC Published
Mar 6, 2024 PoC Published
Mar 7, 2024 EPSS Score
Mar 7, 2024 PoC Published
Apr 2, 2024 EPSS Score
Apr 29, 2024 EPSS Score
May 25, 2024 EPSS Score
Jun 20, 2024 EPSS Score
Jul 17, 2024 EPSS Score
Aug 12, 2024 EPSS Score

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0637.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0637 advisory
https://access.redhat.com/errata/RHSA-2024:1333 advisory
https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474 advisory
https://access.redhat.com/errata/RHSA-2024:0040 advisory
https://access.redhat.com/errata/RHSA-2024:0041 advisory
https://access.redhat.com/errata/RHSA-2024:0043 advisory
https://access.redhat.com/errata/RHSA-2024:0045 advisory
https://access.redhat.com/errata/RHSA-2024:3637 advisory
https://access.redhat.com/errata/RHSA-2024:3617 advisory
https://access.redhat.com/errata/RHSA-2024:1616 advisory
https://errata.build.resf.org/RLSA-2024:3968 advisory
https://access.redhat.com/errata/RHSA-2024:4150 advisory
https://access.redhat.com/errata/RHSA-2024:4159 advisory
https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929 advisory
https://access.redhat.com/errata/RHSA-2024:4591 advisory
https://access.redhat.com/errata/RHSA-2024:4613 advisory
https://access.redhat.com/errata/RHSA-2024:4699 advisory
https://access.redhat.com/errata/RHSA-2024:4850 advisory

…and 49 more

Open in Interactive Console →