CVE-2024-12582

Published: Dic 24, 2024 Last Modified: Feb 13, 2025 EU-VD ID: EUVD-2024-50973
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: high

Description

AI Translation Available

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the 'admin' user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0021
Percentile
0,4th
Updated

EPSS Score Trend (Last 90 Days)

305

Authentication Bypass by Primary Weakness

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
View CWE Details
https://access.redhat.com/errata/RHSA-2025:1413
https://access.redhat.com/errata/RHSA-2025:1413
https://access.redhat.com/security/cve/CVE-2024-12582
https://access.redhat.com/security/cve/CVE-2024-12582
https://bugzilla.redhat.com/show_bug.cgi?id=2333540
https://bugzilla.redhat.com/show_bug.cgi?id=2333540