CVE-2024-45794

Опубликовано: 07 нояб. 2024

Источник: nvd

CVSS3: 8.3

CVSS3: 8.8

EPSS Низкий

Описание

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:devtron:devtron:*:*:*:*:*:kubernetes:*:*

Версия до 0.7.2 (исключая)

EPSS

Процентиль: 53%

0.00307

Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-q78v-cv36-8fxj

CVSS3: 8.3

github

около 1 года назад

Devtron has SQL Injection in CreateUser API

SUSE-SU-2024:4042-1

suse-cvrf

около 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 53%

0.00307

Низкий

8.3 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-89