Auto-Update: 2024-12-31T05:00:21.526552+00:00

2025-07-09 16:05:11 +00:00 · 2024-12-31 05:03:44 +00:00 · 2024-12-31 05:03:44 +00:00 · 7e631f6b6e
commit 7e631f6b6e
parent d9b2ebbd63
3 changed files with 71 additions and 13 deletions
--- a/CVE-2024/CVE-2024-454xx/CVE-2024-45497.json
+++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45497.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-45497",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-12-31T03:15:05.543",
+  "lastModified": "2024-12-31T03:15:05.543",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+          "baseScore": 7.6,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-732"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-45497",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308673",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-12-31T03:00:38.484720+00:00
+2024-12-31T05:00:21.526552+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-12-31T02:15:06.303000+00:00
+2024-12-31T03:15:05.543000+00:00
 ```

 ### Last Data Feed Release
@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-275205
+275206
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2024-12838](CVE-2024/CVE-2024-128xx/CVE-2024-12838.json) (`2024-12-31T02:15:05.877`)
- [CVE-2024-12839](CVE-2024/CVE-2024-128xx/CVE-2024-12839.json) (`2024-12-31T02:15:06.110`)
- [CVE-2024-13040](CVE-2024/CVE-2024-130xx/CVE-2024-13040.json) (`2024-12-31T02:15:06.303`)
+- [CVE-2024-45497](CVE-2024/CVE-2024-454xx/CVE-2024-45497.json) (`2024-12-31T03:15:05.543`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-3393](CVE-2024/CVE-2024-33xx/CVE-2024-3393.json) (`2024-12-31T02:00:01.807`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -245133,8 +245133,8 @@ CVE-2024-12832,0,0,c36c4dbfbed5d52ec77f535bcad057707bcb3f30150d33c83f565d39d6ff7
 CVE-2024-12834,0,0,42c1eae502d28c98db195f540a9c8f4947fcef6a936ce9383d090aeedf31e01d,2024-12-30T17:15:07.857000
 CVE-2024-12835,0,0,456551b469a3e0837a51a7b87cad89a81e52a63efb0e82cd825df7f15bc00b7a,2024-12-30T17:15:08
 CVE-2024-12836,0,0,947a6526b2f3576c89b08ea6819418230607e057855f6bcd272df393ac987473,2024-12-30T17:15:08.137000
-CVE-2024-12838,1,1,f16c2ddb711385756859e1dc99cf0ebd4fe756fa76201b554f34b22546aa92b1,2024-12-31T02:15:05.877000
-CVE-2024-12839,1,1,5410c29dcc5f8afc30bfcd037c9e6fac87d3754b4020401bf2d32d25b3f14db1,2024-12-31T02:15:06.110000
+CVE-2024-12838,0,0,f16c2ddb711385756859e1dc99cf0ebd4fe756fa76201b554f34b22546aa92b1,2024-12-31T02:15:05.877000
+CVE-2024-12839,0,0,5410c29dcc5f8afc30bfcd037c9e6fac87d3754b4020401bf2d32d25b3f14db1,2024-12-31T02:15:06.110000
 CVE-2024-1284,0,0,2e71db4897104f6683ee75152cd91e2f417b7912ff1c292da5c27be659017dd1,2024-11-21T08:50:13.780000
 CVE-2024-12840,0,0,e7528a4b68539dcba75aad0835821b79ed34f43bac74e1052c7303bbe2f9c53b,2024-12-20T16:15:23.417000
 CVE-2024-12841,0,0,c738525065181f5fd675eaeda283796811d753e1465fe11eed1df9a607acfd7a,2024-12-20T19:15:06.097000
@ -245284,7 +245284,7 @@ CVE-2024-13037,0,0,ad1a2687fd8ca034a4ba7eb450dd7b7cb6ce76af79e47f53a4dcc006981f2
 CVE-2024-13038,0,0,4583c4724ce1695329d04a091cf334038675ae1fc4b89e1e9c52332e7b115d63,2024-12-30T17:15:08.473000
 CVE-2024-13039,0,0,5fcf5529e0f60e939c342e8ff9bcb8e9371ea109f210669df3b0c791fd94ef0a,2024-12-30T17:15:08.597000
 CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000
-CVE-2024-13040,1,1,a1b5d05401cf418a59b0f679ad1dde1d9e5e2bdf3e303602eafaafe8d09ac44b,2024-12-31T02:15:06.303000
+CVE-2024-13040,0,0,a1b5d05401cf418a59b0f679ad1dde1d9e5e2bdf3e303602eafaafe8d09ac44b,2024-12-31T02:15:06.303000
 CVE-2024-13042,0,0,79d3038a3776ed8900f4502faeed80d95c375db4f2c3ae792b7f1b6168d6c4e8,2024-12-30T21:15:06.523000
 CVE-2024-13043,0,0,a57d8becfe9ca92a82190ea64963a694c6040f83cb00135ce055f57002bf8d4c,2024-12-30T21:15:06.713000
 CVE-2024-13044,0,0,6d3c3cdcc975fb5586b26099e393540139d286d458e4c5db4ccad7a86d240708,2024-12-30T21:15:06.840000
@ -256453,7 +256453,7 @@ CVE-2024-33926,0,0,ba3b0b5d452557f451f073e7051635f20935a7d4b0bf1e31891232c3b0d24
 CVE-2024-33927,0,0,47a33c5c8d9c813c7e0792969b9d2c7f5a02e1e804addbde5e0fd6efc0070e34,2024-11-21T09:17:45.063000
 CVE-2024-33928,0,0,5485d29b9f1f54b48807c0a7fab77f8660a3f6f005966e3d555ef2b3d42ff3b8,2024-11-21T09:17:45.170000
 CVE-2024-33929,0,0,9250b6acc401d14df60daf091a118dd6e90efe6072ae5814267d257083c00a7c,2024-11-21T09:17:45.277000
-CVE-2024-3393,0,1,b48542ef6904dd8c7115e5c27bb4a2e96704783642e34a95b81a006de0382425,2024-12-31T02:00:01.807000
+CVE-2024-3393,0,0,b48542ef6904dd8c7115e5c27bb4a2e96704783642e34a95b81a006de0382425,2024-12-31T02:00:01.807000
 CVE-2024-33930,0,0,352e81bce8bffcdd250f3e4cc8b8032938f93f842babfe72361bc9938c4c9ff9,2024-11-21T09:17:45.387000
 CVE-2024-33931,0,0,02797798e9c898cf0c4c463d6fab582aa710f3a0cf7c63a98df878120217d686,2024-11-21T09:17:45.490000
 CVE-2024-33932,0,0,a959ef4dc107f5a5fd9667e1036684cdb3d2d4571d8d1f2cc49022d8aa2387fc,2024-11-21T09:17:45.610000
@ -264950,6 +264950,7 @@ CVE-2024-45493,0,0,63ded12e1cce66753793ae82bef6c61efd91f10fe98a5bd1c054c3ddfbe0b
 CVE-2024-45494,0,0,e62b8176d74731dfdb1c9ebc3d4575fcabd14aac12deeb9776633eac1b50aecb,2024-12-17T19:15:06.497000
 CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000
 CVE-2024-45496,0,0,0a17ce5abed3bb6e6bd1207267280384036ed1f3c38b934c9b15f23fd0a10899,2024-09-20T12:31:20.110000
+CVE-2024-45497,1,1,042496262c7e82cf17ef967155f215867661e89f5d9d49896bce345ca524cbf5,2024-12-31T03:15:05.543000
 CVE-2024-45498,0,0,ca7ab14623fe44aa59d843f355963b5b1f5525ef3bebc4a2486921426a009155,2024-11-21T09:37:51.613000
 CVE-2024-4550,0,0,d020c2baa57a4c8c78c6437cdbbe1c555a0bddf99dab5627801ef1d8b20c6e80,2024-09-14T11:47:14.677000
 CVE-2024-45504,0,0,117e3b0ea98f4e26734959281e27af071785e94eccc716f5288207bae003b1cf,2024-11-04T21:35:09.173000