CVE-2024-2700

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build; as a result, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.

Linked by AI from unstructured data to existing CPEs in the NVD
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL https://github.com/cockpit-project/cockpit/
Package quarkus-core
Default Status unaffected
Version 3.8.4, Status affected
Version 3.2.12, Status affected

| Vendor | Product | Default Status | Version | Status |
|---|---|---|---|---|
| Red Hat | HawtIO 4.0.0 for Red Hat build of Apache Camel 4 | unaffected | | |
| Red Hat | Red Hat AMQ Streams 2.7.0 | unaffected | | |
| Red Hat | Red Hat build of Apicurio Registry 2.6.1 GA | unaffected | | |
| Red Hat | Red Hat build of Quarkus 3.2.12.Final | affected | < *; 3.2.12.Final-redhat-00001 | unaffected |
| Red Hat | Red Hat build of Quarkus 3.8.4.redhat | affected | < *; 3.8.4.redhat-00002 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-5 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-5 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-6 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-5 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.33.0-4 | unaffected |
| Red Hat | RHOSS-1.33-RHEL-8 | affected | < *; 1.12.0-4 | unaffected |
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | affected | | |
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 | affected | | |
| Red Hat | Red Hat Build of Keycloak | affected | | |
| Red Hat | Red Hat build of OptaPlanner 8 | affected | | |
| Red Hat | Red Hat build of Quarkus | affected | | |
| Red Hat | Red Hat Integration Camel K 1 | affected | | |
| Red Hat | Red Hat Integration Camel Quarkus 2 | affected | | |

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.096 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| secalert@redhat.com | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable

The product uses an environment variable to store unencrypted sensitive information.