diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45497.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45497.json
new file mode 100644
index 00000000000..f405bf6d4f6
--- /dev/null
+++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45497.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-45497",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2024-12-31T03:15:05.543",
+ "lastModified": "2024-12-31T03:15:05.543",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-45497",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308673",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
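Review bot: The `cvssData` vector rates this `S:U` with `C:L/I:L`, which may understate what the description itself states: a build pod can overwrite the node's `/var/lib/kubelet/config.json` and reach the pull credentials stored in it. The score comes from the CNA (`secalert@redhat.com`) and the record is still `"vulnStatus": "Received"`, so it has had no NVD analysis; triage should not rank on 7.6 alone. The record also has no `configurations` block, so CPE-based matching will not flag any OpenShift version from this file, and affected and fixed versions have to be taken from the two Red Hat references. The condition named in the description is directly checkable on a cluster: a hostPath volume for that file mounted into the build pod without `readOnly: true`.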
diff --git a/README.md b/README.md
index d58ab22131c..418e53ae2c9 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-12-31T03:00:38.484720+00:00
+2024-12-31T05:00:21.526552+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-12-31T02:15:06.303000+00:00
+2024-12-31T03:15:05.543000+00:00
 ```
 ### Last Data Feed Release
@@ -33,23 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-275205
+275206
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `3`
+Recently added CVEs: `1`
-- [CVE-2024-12838](CVE-2024/CVE-2024-128xx/CVE-2024-12838.json) (`2024-12-31T02:15:05.877`)
-- [CVE-2024-12839](CVE-2024/CVE-2024-128xx/CVE-2024-12839.json) (`2024-12-31T02:15:06.110`)
-- [CVE-2024-13040](CVE-2024/CVE-2024-130xx/CVE-2024-13040.json) (`2024-12-31T02:15:06.303`)
+- [CVE-2024-45497](CVE-2024/CVE-2024-454xx/CVE-2024-45497.json) (`2024-12-31T03:15:05.543`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
-- [CVE-2024-3393](CVE-2024/CVE-2024-33xx/CVE-2024-3393.json) (`2024-12-31T02:00:01.807`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 97d6e02d183..4d2d4d19912 100644
--- a/_state.csv
+++ b/_state.csv
@@ -245133,8 +245133,8 @@ CVE-2024-12832,0,0,c36c4dbfbed5d52ec77f535bcad057707bcb3f30150d33c83f565d39d6ff7
 CVE-2024-12834,0,0,42c1eae502d28c98db195f540a9c8f4947fcef6a936ce9383d090aeedf31e01d,2024-12-30T17:15:07.857000
 CVE-2024-12835,0,0,456551b469a3e0837a51a7b87cad89a81e52a63efb0e82cd825df7f15bc00b7a,2024-12-30T17:15:08
 CVE-2024-12836,0,0,947a6526b2f3576c89b08ea6819418230607e057855f6bcd272df393ac987473,2024-12-30T17:15:08.137000
-CVE-2024-12838,1,1,f16c2ddb711385756859e1dc99cf0ebd4fe756fa76201b554f34b22546aa92b1,2024-12-31T02:15:05.877000
-CVE-2024-12839,1,1,5410c29dcc5f8afc30bfcd037c9e6fac87d3754b4020401bf2d32d25b3f14db1,2024-12-31T02:15:06.110000
+CVE-2024-12838,0,0,f16c2ddb711385756859e1dc99cf0ebd4fe756fa76201b554f34b22546aa92b1,2024-12-31T02:15:05.877000
+CVE-2024-12839,0,0,5410c29dcc5f8afc30bfcd037c9e6fac87d3754b4020401bf2d32d25b3f14db1,2024-12-31T02:15:06.110000
 CVE-2024-1284,0,0,2e71db4897104f6683ee75152cd91e2f417b7912ff1c292da5c27be659017dd1,2024-11-21T08:50:13.780000
 CVE-2024-12840,0,0,e7528a4b68539dcba75aad0835821b79ed34f43bac74e1052c7303bbe2f9c53b,2024-12-20T16:15:23.417000
 CVE-2024-12841,0,0,c738525065181f5fd675eaeda283796811d753e1465fe11eed1df9a607acfd7a,2024-12-20T19:15:06.097000
@@ -245284,7 +245284,7 @@ CVE-2024-13037,0,0,ad1a2687fd8ca034a4ba7eb450dd7b7cb6ce76af79e47f53a4dcc006981f2
 CVE-2024-13038,0,0,4583c4724ce1695329d04a091cf334038675ae1fc4b89e1e9c52332e7b115d63,2024-12-30T17:15:08.473000
 CVE-2024-13039,0,0,5fcf5529e0f60e939c342e8ff9bcb8e9371ea109f210669df3b0c791fd94ef0a,2024-12-30T17:15:08.597000
 CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000
-CVE-2024-13040,1,1,a1b5d05401cf418a59b0f679ad1dde1d9e5e2bdf3e303602eafaafe8d09ac44b,2024-12-31T02:15:06.303000
+CVE-2024-13040,0,0,a1b5d05401cf418a59b0f679ad1dde1d9e5e2bdf3e303602eafaafe8d09ac44b,2024-12-31T02:15:06.303000
 CVE-2024-13042,0,0,79d3038a3776ed8900f4502faeed80d95c375db4f2c3ae792b7f1b6168d6c4e8,2024-12-30T21:15:06.523000
 CVE-2024-13043,0,0,a57d8becfe9ca92a82190ea64963a694c6040f83cb00135ce055f57002bf8d4c,2024-12-30T21:15:06.713000
 CVE-2024-13044,0,0,6d3c3cdcc975fb5586b26099e393540139d286d458e4c5db4ccad7a86d240708,2024-12-30T21:15:06.840000
@@ -256453,7 +256453,7 @@ CVE-2024-33926,0,0,ba3b0b5d452557f451f073e7051635f20935a7d4b0bf1e31891232c3b0d24
 CVE-2024-33927,0,0,47a33c5c8d9c813c7e0792969b9d2c7f5a02e1e804addbde5e0fd6efc0070e34,2024-11-21T09:17:45.063000
 CVE-2024-33928,0,0,5485d29b9f1f54b48807c0a7fab77f8660a3f6f005966e3d555ef2b3d42ff3b8,2024-11-21T09:17:45.170000
 CVE-2024-33929,0,0,9250b6acc401d14df60daf091a118dd6e90efe6072ae5814267d257083c00a7c,2024-11-21T09:17:45.277000
-CVE-2024-3393,0,1,b48542ef6904dd8c7115e5c27bb4a2e96704783642e34a95b81a006de0382425,2024-12-31T02:00:01.807000
+CVE-2024-3393,0,0,b48542ef6904dd8c7115e5c27bb4a2e96704783642e34a95b81a006de0382425,2024-12-31T02:00:01.807000
 CVE-2024-33930,0,0,352e81bce8bffcdd250f3e4cc8b8032938f93f842babfe72361bc9938c4c9ff9,2024-11-21T09:17:45.387000
 CVE-2024-33931,0,0,02797798e9c898cf0c4c463d6fab582aa710f3a0cf7c63a98df878120217d686,2024-11-21T09:17:45.490000
 CVE-2024-33932,0,0,a959ef4dc107f5a5fd9667e1036684cdb3d2d4571d8d1f2cc49022d8aa2387fc,2024-11-21T09:17:45.610000
@@ -264950,6 +264950,7 @@ CVE-2024-45493,0,0,63ded12e1cce66753793ae82bef6c61efd91f10fe98a5bd1c054c3ddfbe0b
 CVE-2024-45494,0,0,e62b8176d74731dfdb1c9ebc3d4575fcabd14aac12deeb9776633eac1b50aecb,2024-12-17T19:15:06.497000
 CVE-2024-45495,0,0,052cbd46ff58a2733b006c164c39180c42ff3c9c0f05edf173b6ee70b661cd18,2024-12-04T17:15:14.537000
 CVE-2024-45496,0,0,0a17ce5abed3bb6e6bd1207267280384036ed1f3c38b934c9b15f23fd0a10899,2024-09-20T12:31:20.110000
+CVE-2024-45497,1,1,042496262c7e82cf17ef967155f215867661e89f5d9d49896bce345ca524cbf5,2024-12-31T03:15:05.543000
 CVE-2024-45498,0,0,ca7ab14623fe44aa59d843f355963b5b1f5525ef3bebc4a2486921426a009155,2024-11-21T09:37:51.613000
 CVE-2024-4550,0,0,d020c2baa57a4c8c78c6437cdbbe1c555a0bddf99dab5627801ef1d8b20c6e80,2024-09-14T11:47:14.677000
 CVE-2024-45504,0,0,117e3b0ea98f4e26734959281e27af071785e94eccc716f5288207bae003b1cf,2024-11-04T21:35:09.173000