5.3

CVE-2024-0874

Coredns: cd bit response is cached and served later

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://github.com/coredns/coredns
Paket coredns
Default Statusunaffected
Version 0
Version < 1.11.2
Status affected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.13
Default Statusaffected
Version v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.14
Default Statusaffected
Version v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.15
Default Statusaffected
Version v4.15.0-202407230407.p0.g1326282.assembly.stream.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.16
Default Statusaffected
Version v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9
Version < *
Status unaffected
HerstellerRed Hat
Produkt Logging Subsystem for Red Hat OpenShift
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat Advanced Cluster Management for Kubernetes 2
Default Statusaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.436
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.