CVE Alert: CVE-2024-12582
Vulnerability Summary: CVE-2024-12582
A flaw was found in the Skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce Skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service.
Affected Endpoints:
No affected endpoints listed.
Published Date:
12/24/2024, 4:15:05 AM
🔥 CVSS Score:
Exploit Status:
Not Exploited
EPSS Score: 0.00044 | Ranking EPSS: 0.15104
References:
- https://access.redhat.com/security/cve/CVE-2024-12582
- https://bugzilla.redhat.com/show_bug.cgi?id=2333540
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.