Vulnerability Description
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Layer5 | Meshery | < 0.7.17 |
Related Weaknesses (CWE)
References
- https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f (Patch)
- https://github.com/meshery/meshery/pull/10207 (Issue Tracking, Patch)
- https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2024-29031?
CVE-2024-29031 is a vulnerability with a CVSS score of 7.5 (HIGH). Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0....
How severe is CVE-2024-29031?
CVE-2024-29031 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-29031?
Check the references section above for vendor advisories and patch information. Affected products include: Layer5 Meshery.