nvd-json-data-feeds/CVE-2024/CVE-2024-371xx/CVE-2024-37163.json

{
  "id": "CVE-2024-37163",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-06-07T17:15:51.230",
  "lastModified": "2024-11-21T09:23:20.327",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs.  SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data.  This affects version 1.0.0."
    },
    {
      "lang": "es",
      "value": "SkyScrape es un panel GUI para la infraestructura de AWS y la gesti\u00f3n de recursos y costos de uso. Las solicitudes API de SkyScrape son actualmente solicitudes HTTP no seguras, lo que genera vulnerabilidades potenciales para las credenciales y datos temporales del usuario. Esto afecta a la versi\u00f3n 1.0.0."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.7
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97CC8F6A-7C12-4D4B-BDAD-3D3F6D3004D7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`{`
			`"id": "CVE-2024-37163",`
			`"sourceIdentifier": "security-advisories@github.com",`
			`"published": "2024-06-07T17:15:51.230",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T09:23:20.327",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0."`
Auto-Update: 2024-06-16T02:00:18.245901+00:00 2024-06-16 02:03:09 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "SkyScrape es un panel GUI para la infraestructura de AWS y la gesti\u00f3n de recursos y costos de uso. Las solicitudes API de SkyScrape son actualmente solicitudes HTTP no seguras, lo que genera vulnerabilidades potenciales para las credenciales y datos temporales del usuario. Esto afecta a la versi\u00f3n 1.0.0."`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 6.4,`
			`"baseSeverity": "MEDIUM",`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "HIGH"`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`},`
			`"exploitabilityScore": 1.6,`
			`"impactScore": 4.7`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2024-11-13T19:00:34.158694+00:00 2024-11-13 19:03:36 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
Auto-Update: 2024-11-13T19:00:34.158694+00:00 2024-11-13 19:03:36 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-319"`
			`}`
			`]`
			`},`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`{`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-319"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-11-13T19:00:34.158694+00:00 2024-11-13 19:03:36 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:::::::*",`
			`"matchCriteriaId": "97CC8F6A-7C12-4D4B-BDAD-3D3F6D3004D7"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`"references": [`
			`{`
			`"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",`
Auto-Update: 2024-11-13T19:00:34.158694+00:00 2024-11-13 19:03:36 +00:00			`"source": "security-advisories@github.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2024-06-07T18:00:18.677280+00:00 2024-06-07 18:03:12 +00:00			`}`
			`]`
			`}`