nvd-json-data-feeds/CVE-2024/CVE-2024-568xx/CVE-2024-56802.json

{
  "id": "CVE-2024-56802",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-12-31T16:15:28.240",
  "lastModified": "2024-12-31T16:15:28.240",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry.  User must upgrade to 0.9.2."
    },
    {
      "lang": "es",
      "value": "Tapir es un registro privado de Terraform. Las versiones 0.9.0 y 0.9.1 de Tapir enfrentan un problema cr\u00edtico con las claves de implementaci\u00f3n con alcance limitado, donde los atacantes pueden adivinar la clave para obtener acceso de escritura al registro. El usuario debe actualizar a la versi\u00f3n 0.9.2."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg",
      "source": "security-advisories@github.com"
    }
  ]
}