Skyport Daemon Causing Issues
CVE-2024-42481
7.5HIGH
Key Information:
- Vendor
- Skyportlabs
- Status
- Skyportd
- Vendor
- CVE Published:
- 12 August 2024
Summary
The Skyport Daemon (skyportd), utilized in managing the Skyport Panel, has a vulnerability that allows for a significant increase in CPU usage and potential system crashes. This vulnerability arises from the lack of rate limiting on the creation of folders and files through functions like createFolder and createFile. Malicious actors can exploit this weakness by creating thousands of folders and files, leading to 100% CPU utilization and out-of-memory (OOM) conditions, which may result in a crash of the affected system. The issue has been addressed in version 0.2.2.
Affected Version(s)
skyportd < 0.2.2
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database