Vulnerabilities > CVE-2024-12582

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

CWE-305

NVD

Published: 2024-12-24

Updated: 2024-12-24

Summary

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.

Common Weakness Enumeration (CWE)

CWE-305 - Authentication Bypass by Primary Weakness

Vulnerabilities > CVE-2024-12582 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-12582"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2024-12582