CVE-2024-22038
Vulnerability Scoring
Attack Complexity Details
- Attack Complexity: Low Impact
- Attack Vector: LOCAL
- Privileges Required: None
- Scope: UNCHANGED
- User Interaction: REQUIRED
CIA Impact Definition
- Confidentiality: Low Impact
- Integrity: HIGH IMPACT
- Availability: HIGH IMPACT
CVE-2024-22038 Vulnerability Summary
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.
Access Complexity Graph for CVE-2024-22038
Impact Analysis for CVE-2024-22038
CVE-2024-22038: Detailed Information and External References
EPSS
0.00043
EPSS %
0.10929
References
0.00043
CWE
CWE-59
CAPEC
0.00043
- Symlink Attack: An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
- Using Malicious Files: An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
- Manipulating Web Input to File System Calls: An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
CVSS3 Source
meissner@suse.de
CVSS3 Type
Secondary
CVSS3 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Protect Your Infrastructure: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.