admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-215xx/CVE-2024-21571.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

60 lines
2.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-21571",
"sourceIdentifier": "report@snyk.io",
"published": "2024-12-06T14:15:19.997",
"lastModified": "2024-12-06T14:15:19.997",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible."
},
{
"lang": "es",
"value": "Snyk ha identificado una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en todas las versiones de Code Agent. La vulnerabilidad permite a un atacante ejecutar c\u00f3digo arbitrario dentro del contenedor de Code Agent. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener acceso de red a Code Agent dentro del entorno de implementaci\u00f3n. La explotaci\u00f3n externa de esta vulnerabilidad es poco probable y depende tanto de configuraciones incorrectas del cl\u00faster como de la conexi\u00f3n con otra vulnerabilidad. Sin embargo, la explotaci\u00f3n interna (con una configuraci\u00f3n incorrecta del cl\u00faster) a\u00fan podr\u00eda ser posible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21571",
"source": "report@snyk.io"
}
]
}
Reference in New Issue View Git Blame Copy Permalink