gsd-2024-1979
Vulnerability from gsd
Modified
2024-02-29 06:03
Details
A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.
Aliases



{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-1979"
      ],
      "details": "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.",
      "id": "GSD-2024-1979",
      "modified": "2024-02-29T06:03:27.461693Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2024-1979",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat build of Quarkus 3.2.11.Final",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "3.2.11.Final-redhat-00001",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat build of Quarkus",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-200",
                "lang": "eng",
                "value": "Exposure of Sensitive Information to an Unauthorized Actor"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:1662",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:1662"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2024-1979",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2024-1979"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2266690",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266690"
          },
          {
            "name": "https://github.com/quarkusio/quarkus/issues/38055",
            "refsource": "MISC",
            "url": "https://github.com/quarkusio/quarkus/issues/38055"
          }
        ]
      },
      "work_around": [
        {
          "lang": "en",
          "value": "Ensure that at least one of the preconditions is not present in your environment."
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk."
          },
          {
            "lang": "es",
            "value": "Se encontr\u00f3 una vulnerabilidad en Quarkus. En ciertas condiciones relacionadas con el proceso de CI, las credenciales de git podr\u00edan publicarse sin darse cuenta, lo que podr\u00eda poner en riesgo el repositorio de git."
          }
        ],
        "id": "CVE-2024-1979",
        "lastModified": "2024-04-03T13:16:01.070",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 1.4,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-13T10:15:08.153",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:1662"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/security/cve/CVE-2024-1979"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266690"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://github.com/quarkusio/quarkus/issues/38055"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-200"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.