Attackers can leak information or cause denial of service through specially crafted git repositories in obs-scm-bridge
CVE-2024-22038
7.3 HIGH
Summary
Various issues in the OBS SCM Bridge product from SUSE allow attackers to use specially crafted git repositories to cause unauthorized information disclosure or denial of service. Organizations using this product should assess their risk and apply necessary mitigations promptly.
Affected Version(s)
openSUSE Factory 0 < 0.5.2
References
CVSS V3.1
Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Matthias Gerstner of SUSE