CVE-2024-33396

An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
Configurations

No configuration.

History

21 Nov 2024, 09:16

Type Values Removed Values Added
References () https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50 - () https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50 -

03 Jul 2024, 01:58

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4

03 May 2024, 12:50

Type Values Removed Values Added
Summary
  • (es) Un problema en karmada-io karmada v1.9.0 y anteriores permite a un atacante local ejecutar código arbitrario mediante un comando manipulado para obtener el componente token.

02 May 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-02 19:15

Updated : 2024-11-21 09:16


NVD link : CVE-2024-33396

Mitre link : CVE-2024-33396

CVE.ORG link : CVE-2024-33396


JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control