CVE-2024-45794 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-45794 PUBLISHED CVSS 8.300000190734863 HIGH

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

EPSS 0.31% · 53.7th percentile

Risk Scores

CVSS v3.1

8.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS Score

0.31%

53.7th percentile

Affected Products

Vendor	Product	Versions
devtron-labs	devtron	< 0.7.2
kubernetes	devtron	0.7.2
devtron	devtron	0
github.com	devtron-labs/devtron	0

Timeline

Nov 7, 2024 CVE Published
Nov 7, 2024 Coalition ESS Score
Nov 8, 2024 EPSS Score
Nov 8, 2024 Coalition ESS Score
Nov 25, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Dec 31, 2024 EPSS Score
Jan 17, 2025 EPSS Score
Feb 21, 2025 EPSS Score
Mar 10, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Apr 1, 2025 Coalition ESS Score

References

Open in Interactive Console →