CVE-2024-1979

EPSS 0.12%
Veröffentlicht 13.03.2024 10:15:08
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Quarkus: information leak in annotation

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Collection URLhttps://github.com/quarkusio/quarkus/

≫

Paket quarkus

Default Statusunaffected

Version 0

Version < 3.2.11

Status affected

HerstellerRed Hat

≫

Produkt Red Hat build of Quarkus 3.2.11.Final

Default Statusaffected

Version 3.2.11.Final-redhat-00001

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Quarkus

Default Statusaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	3.5	1.8	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://access.redhat.com/errata/RHSA-2024:1662

https://access.redhat.com/security/cve/CVE-2024-1979

https://bugzilla.redhat.com/show_bug.cgi?id=2266690

https://github.com/quarkusio/quarkus/issues/38055

https://nvd.nist.gov/vuln/detail/CVE-2024-1979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1979

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1979