CVE-2024-45794
CVE-2024-45794
Título es
CVE-2024-45794
Jue, 07/11/2024 – 18:15
Tipo
CWE-89
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-45794
Descripción en
devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
07/11/2024
07/11/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Gravedad 3.1 (CVSS 3.1 Base Score)
8.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Enviar en el boletín
Off
