Home > Vulnerability Database > CVE-2024-34084

Mend.io Vulnerability Database

CVE-2024-34084

Good to know:

Date: May 7, 2024

Minder's "HandleGithubWebhook" is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to "HandleGithubWebhook" to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.

Language: Go

Severity Score

7.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34084

Url: https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd0d

Url: https://github.com/stacklok/minder/blob/ee66f6c0763212503c898cfefb65ce1450c7f5ac/internal/controlplane/handlers_githubwebhooks.go#L213-L218

Url: https://github.com/stacklok/minder/blob/ee66f6c0763212503c898cfefb65ce1450c7f5ac/internal/controlplane/handlers_githubwebhooks.go#L337-L342

Url: https://github.com/stacklok/minder/blob/ee66f6c0763212503c898cfefb65ce1450c7f5ac/internal/controlplane/handlers_githubwebhooks_test.go#L278-L283

Url: https://github.com/stacklok/minder/blob/ee66f6c0763212503c898cfefb65ce1450c7f5ac/internal/controlplane/handlers_githubwebhooks.go#L367-L377

Url: https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7

Url: https://github.com/stacklok/minder

Url: https://www.mend.io/vulnerability-database/CVE-2024-34084

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version github.com/stacklok/minder - v0.0.48

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34084

Good to know:

Date: May 7, 2024

Language: Go

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?