CVE-2024-56802

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

CVSS

No CVSS.

References

Link	Resource
https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03
https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg

Configurations

No configuration.

History

No history.

Information

Published : 2024-12-31 16:15

Updated : 2024-12-31 16:15

NVD link : CVE-2024-56802

Mitre link : CVE-2024-56802

CVE.ORG link : CVE-2024-56802

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

{"id": "CVE-2024-56802", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-31T16:15:28.240", "references": [{"url": "https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03", "source": "security-advisories@github.com"}, {"url": "https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2."}, {"lang": "es", "value": "Tapir es un registro privado de Terraform. Las versiones 0.9.0 y 0.9.1 de Tapir enfrentan un problema cr\u00edtico con las claves de implementaci\u00f3n con alcance limitado, donde los atacantes pueden adivinar la clave para obtener acceso de escritura al registro. El usuario debe actualizar a la versi\u00f3n 0.9.2."}], "lastModified": "2024-12-31T16:15:28.240", "sourceIdentifier": "security-advisories@github.com"}

CVE-2024-56802

JSON object

Attach tags to CVE-2024-56802

Attach tags to `CVE-2024-56802`