Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-2243

Опубликовано: 20 мар. 2024
Источник: redhat
CVSS3: 7.6

Описание

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

Отчет

We ship 'csmock' only in our community products.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-78
https://bugzilla.redhat.com/show_bug.cgi?id=2267336csmock: command injection vulnerability in csmock-plugin-snyk

7.6 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2024-2243

CVSS3: 7.6
nvd
почти 2 года назад

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

github логотип

GHSA-cjj3-f3rf-jf7w

CVSS3: 7.6
github
почти 2 года назад

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

7.6 High

CVSS3