CVE-2024-49587 — CRITICAL (9.1)

Vulnerability Description

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Related Weaknesses (CWE)

CWE-305

References

https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11

FAQ

What is CVE-2024-49587?

CVE-2024-49587 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/de...

How severe is CVE-2024-49587?

CVE-2024-49587 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-49587?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.