CVE-2024-37163

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:*:*:*:*:*:*:*

History

13 Nov 2024, 18:42

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.4
v2 : unknown
v3 : 7.5
Summary
  • (es) SkyScrape es un panel GUI para la infraestructura de AWS y la gestión de recursos y costos de uso. Las solicitudes API de SkyScrape son actualmente solicitudes HTTP no seguras, lo que genera vulnerabilidades potenciales para las credenciales y datos temporales del usuario. Esto afecta a la versión 1.0.0.
References () https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j - () https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j - Vendor Advisory
CPE cpe:2.3:a:opensourcelabs:skyscraper:1.0.0:*:*:*:*:*:*:*
First Time Opensourcelabs
Opensourcelabs skyscraper

07 Jun 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-07 17:15

Updated : 2024-11-13 18:42


NVD link : CVE-2024-37163

Mitre link : CVE-2024-37163

CVE.ORG link : CVE-2024-37163


JSON object : View

Products Affected

opensourcelabs

  • skyscraper
CWE
CWE-319

Cleartext Transmission of Sensitive Information