How severe is CVE-2024-12582?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2024-12582?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-12582 - HIGH Severity | CVSS 7.1

Vulnerability Description

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack.

Related Vulnerabilities

CVE-2024-20463

HIGH

CVSS:7.1(High)

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an...

CWE-3052024

CVE-2022-4722

HIGH

CVSS:7.2(High)

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CWE-3052022

CVE-2025-27370

MEDIUM

CVSS:6.9(Medium)

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a ...

CWE-3052025

CVE-2025-27371

MEDIUM

CVSS:6.9(Medium)

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to au...

CWE-3052025

CVE-2020-14359

HIGH

CVSS:7.3(High)

A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some ...

CWE-3052020

CVE-2024-34077

HIGH

CVSS:7.3(High)

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Insufficient access control in the registration and password reset process allows an attacker to reset another user's password and takeov...

CWE-3052024