{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-9802", "ASSIGNER": "zowe-security@lists.openmainframeproject.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "The conformance validation endpoint is public, so anyone can verify the conformance of onboarded services. The response could contain specific information about the service, including its available endpoints and Swagger. The response could disclose the running version of a service to an attacker. The attacker could also check whether a service is running." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Open Mainframe Project", "product": { "product_data": [ { "product_name": "Zowe", "version": { "version_data": [ { "version_affected": "<", "version_name": "2.11.0", "version_value": "2.17.0" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://github.com/zowe/api-layer", "refsource": "MISC", "name": "https://github.com/zowe/api-layer" } ] }, "work_around": [ { "lang": "en", "value": "No workaround is available." } ], "exploit": [ { "lang": "en", "value": "There are no known exploits of this issue; however, exploits targeting this issue are publicly available." } ], "solution": [ { "lang": "en", "value": "The issue is fixed as of version 2.17.0, in which authentication is required for the endpoints." } ], "credits": [ { "lang": "en", "value": "Pablo Hernan Carle" }, { "lang": "en", "value": "Pavel Jare\u0161" } ], "impact": { "cvss": [ { "version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C" } ] } }