exploitDog

CVE-2024-1682

Published: 14 Nov 2024
Source: redhat
CVSS3: 4.3
EPSS: Low

Description

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.

A flaw was found in the psf/requests documentation. This vulnerability allows data integrity issues, data leakage, availability problems, and potential further attacks via a reference to an unclaimed Amazon S3 bucket in an audio file link within a .rst documentation file.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Ansible Automation Platform 2 | python3.11-requests | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-840
https://bugzilla.redhat.com/show_bug.cgi?id=2326318 psf/requests: Unclaimed S3 Bucket Reference in psf/requests Documentation

EPSS

Percentile: 15%
0.00049
Low

4.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.3
nvd
about 1 year ago

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.

CVSS3: 4.3
github
about 1 year ago

An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of trustworthiness, and potential further attacks if the bucket is used to host malicious content or as a pivot point for further attacks.
