fkie_cve-2024-1488
Vulnerability from fkie_nvd
Published
2024-02-15 05:15
Modified
2025-01-30 22:15
Severity ?
8.0 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1750Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1751Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1780Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1801Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1802Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:1804Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2587Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:2696Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:0837
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-1488Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2264183Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1750Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1751Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1780Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1801Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1802Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:1804Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2587Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:2696Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2024-1488Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2264183Issue Tracking, Patch
Impacted products
Vendor Product Version
fedoraproject unbound *
redhat codeready_linux_builder 9.0
redhat codeready_linux_builder_eus 9.2
redhat codeready_linux_builder_eus 9.4
redhat codeready_linux_builder_eus_for_power_little_endian 9.0_ppc64le
redhat codeready_linux_builder_eus_for_power_little_endian 9.2_ppc64le
redhat codeready_linux_builder_for_arm64 9.0_aarch64
redhat codeready_linux_builder_for_arm64 9.2_aarch64
redhat codeready_linux_builder_for_arm64_eus 9.4_aarch64
redhat codeready_linux_builder_for_ibm_z_systems 9.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems 9.2_s390x
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_eus 9.4
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64 9.2_aarch64
redhat enterprise_linux_for_arm_64_eus 8.6_aarch64
redhat enterprise_linux_for_arm_64_eus 8.8_aarch64
redhat enterprise_linux_for_arm_64_eus 9.4_aarch64
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems 9.2_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.4_s390x
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_power_little_endian 9.0_ppc64le
redhat enterprise_linux_for_power_little_endian 9.2_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.6_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.4_ppc64le
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_aus 9.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.8_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.2_ppc64le
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 9.4_ppc64le
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_server_tus 8.8


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fedoraproject:unbound:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42DC89D4-6DF0-4212-B5BA-56583F095047",
                     versionEndExcluding: "1.19.1-2.fc40",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2ABBAA9E-CCBA-480B-ABB5-454448D91262",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C4B0BD8-527F-4728-A64B-F8F06D5EDEC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "98638583-9933-42F2-964E-7F8E7CF36918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0DE225E-E1B5-411E-B2E7-6201E09B9571",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "910C9542-26FC-4635-9351-128727971830",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.2_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE497FA8-F9F2-4C45-8CA5-919B205303CA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.4_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "88F9EB73-1F19-4BD9-AB19-36F9F1A5156E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "50321FD4-AD8E-4460-8820-25F7C4ECAC5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "35232613-B8B5-4F4D-A6CD-3823C6666534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "D85E0DBA-A856-472A-8271-A4F37C35F952",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B7CE5C-BFEA-4F96-9759-D511EF189059",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.4_aarch64:*:*:*:*:*:*:*",
                     matchCriteriaId: "01363FFA-F7A6-43FC-8D47-E67F95410095",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB056B47-1F45-4CE4-81F6-872F66C24C29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E068ABB-31C2-416E-974A-95E07A2BAB0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "B758EDC9-6421-422C-899E-A273D2936D8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.4_s390x:*:*:*:*:*:*:*",
                     matchCriteriaId: "F843B777-5C64-4CAE-80D6-89DC2C9515B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED521457-498F-4E43-B714-9A3F2C3CD09A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "D9C30C59-07F7-4CCE-B057-052ECCD36DB8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "F91F9255-4EE1-43C7-8831-D2B6C228BFD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.4_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC3CBA5D-9E5D-4C46-B37E-7BB35BE8DADB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "39D345D3-108A-4551-A112-5EE51991411A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC54523F-1F6A-4F55-9B33-6C5A493B0541",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E645F29-0FE0-477F-969A-55F009AB018C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C138DAF-9769-43B0-A9E6-320738EB3415",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "18037675-B4D3-401E-96D3-9EA3C1993920",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC6A25CB-907A-4D05-8460-A2488938A8BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.4_ppc64le:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C30F155-DF7D-4195-92D9-A5B80407228D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.",
      },
      {
         lang: "es",
         value: "Se encontró una vulnerabilidad en Unbound debido a permisos predeterminados incorrectos, lo que permite que cualquier proceso fuera del grupo independiente modifique la configuración del tiempo de ejecución independiente. Si un proceso puede conectarse a través de localhost al puerto 8953, puede alterar la configuración de unbound.service. Esta falla permite que un atacante sin privilegios manipule una instancia en ejecución, alterando potencialmente a los reenviadores, permitiéndoles rastrear todas las consultas enviadas por el solucionador local y, en algunos casos, interrumpiendo la resolución por completo.",
      },
   ],
   id: "CVE-2024-1488",
   lastModified: "2025-01-30T22:15:09.037",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.5,
            impactScore: 5.5,
            source: "secalert@redhat.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.3,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-15T05:15:10.257",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1750",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1751",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1780",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1801",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1802",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1804",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:2587",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:2696",
      },
      {
         source: "secalert@redhat.com",
         url: "https://access.redhat.com/errata/RHSA-2025:0837",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-1488",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1750",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1751",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1780",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1801",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1802",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:1804",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:2587",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2024:2696",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/CVE-2024-1488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2264183",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "secalert@redhat.com",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Secondary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.