Unsupported Input Validation Vulnerability Affects All Versions of Apache Karaf Cave
CVE-2024-34365

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Karaf Cave
Vendor: CVE Published:; 14 May 2024

Summary

The Apache Karaf Cave faces an improper input validation issue that affects all versions of the product. As a retired project, this issue will not be addressed with a patch or fix. Users are advised to explore alternative solutions or limit access to the affected instances to ensure security for their environment. It is crucial for organizations relying on this product to adopt strategies that protect against potential exploits stemming from this vulnerability.

Affected Version(s)

Apache Karaf Cave 0

References

https://karaf.apache.org/security/cve-2024-34365.txt

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/05/09/5

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
May 2, 2024

Credit

cigar