Minder HandleGithubWebhook Vulnerability
CVE-2024-34084

7.5HIGH

Key Information:

Vendor: Stacklok
Status: Minder
Vendor: CVE Published:; 7 May 2024

What is CVE-2024-34084?

Minder's HandleGithubWebhook has a vulnerability that enables an attacker to execute a denial of service attack through the submission of untrusted HTTP requests. The flaw arises because incoming requests are not validated prior to being processed. An attacker can exploit this weakness to crash the Minder controlplane, rendering it unavailable to other users. This issue highlights the importance of strict request validation and timely software updates, with a patch already released in version 0.0.48 to remediate the vulnerability.

Affected Version(s)

minder < 0.0.48

References

https://github.com/stacklok/minder/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/stacklok/minder/commit/3e5a527d2f1b535...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Apr 30, 2024

Stacklok

What is CVE-2024-34084?

Affected Version(s)

References

CVSS V3.1

Timeline