CVE-2024-2700

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, so the resulting application inherits the values captured at build time when it runs. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL: https://github.com/cockpit-project/cockpit/; Package: quarkus-core; Default Status: unaffected; Version: 3.8.4, Status: affected; Version: 3.2.12, Status: affected
Vendor: Red Hat; Product: HawtIO 4.0.0 for Red Hat build of Apache Camel 4; Default Status: unaffected
Vendor: Red Hat; Product: Red Hat AMQ Streams 2.7.0; Default Status: unaffected
Vendor: Red Hat; Product: Red Hat build of Apicurio Registry 2.6.1 GA; Default Status: unaffected
Vendor: Red Hat; Product: Red Hat build of Quarkus 3.2.12.Final; Default Status: affected; Version: < *; Version: 3.2.12.Final-redhat-00001; Status: unaffected
Vendor: Red Hat; Product: Red Hat build of Quarkus 3.8.4.redhat; Default Status: affected; Version: < *; Version: 3.8.4.redhat-00002; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-5; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-5; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-6; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-5; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.33.0-4; Status: unaffected
Vendor: Red Hat; Product: RHOSS-1.33-RHEL-8; Default Status: affected; Version: < *; Version: 1.12.0-4; Status: unaffected
Vendor: Red Hat; Product: Red Hat build of Apache Camel 4 for Quarkus 3; Default Status: affected
Vendor: Red Hat; Product: Red Hat build of Apache Camel - HawtIO 4; Default Status: affected
Vendor: Red Hat; Product: Red Hat Build of Keycloak; Default Status: affected
Vendor: Red Hat; Product: Red Hat build of OptaPlanner 8; Default Status: affected
Vendor: Red Hat; Product: Red Hat build of Quarkus; Default Status: affected
Vendor: Red Hat; Product: Red Hat Integration Camel K 1; Default Status: affected
Vendor: Red Hat; Product: Red Hat Integration Camel Quarkus 2; Default Status: affected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.096
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7 1 5.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable

The product uses an environment variable to store unencrypted sensitive information.