Vulnerability Description
Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests to `HandleGithubWebhook` to crash the Minder controlplane and deny other users from using it. This vulnerability is fixed in 0.0.48.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd
- https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7
- https://github.com/stacklok/minder/commit/3e5a527d2f1b535159206161d1d519602c75bd
- https://github.com/stacklok/minder/security/advisories/GHSA-9c5w-9q3f-3hv7
FAQ
What is CVE-2024-34084?
CVE-2024-34084 is a vulnerability with a CVSS score of 7.5 (HIGH). Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is s...
How severe is CVE-2024-34084?
CVE-2024-34084 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-34084?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.