CVE-2024-1979 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-1979

CVE-2024-1979

March 13, 2024

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

Affected Packages

io.quarkus:quarkus-kubernetes-deployment (JAVA):

Affected version(s) >=0.13.0 <3.7.3

Fix Suggestion:

Update to version 3.7.3

Related Resources (8)

https://access.redhat.com/security/cve/CVE-2024-1979

https://nvd.nist.gov/vuln/detail/CVE-2024-1979

https://github.com/quarkusio/quarkus/commit/3a3b0d739222a2e476e085a955cfa090739f5924

https://access.redhat.com/errata/RHSA-2024:1662

https://bugzilla.redhat.com/show_bug.cgi?id=2266690

https://github.com/quarkusio/quarkus/commit/5bc05ee35365a905f0e9e37f248c38688a81caaf

https://github.com/quarkusio/quarkus/issues/38055

https://github.com/quarkusio/quarkus

Do you need more information?

CVSS v4

Base Score:

2.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

EPSS

Base Score:

0.07

Products

Solutions

Resources

Company

Compare

Developer Tools