CVE-2024-22038 HIGH

CVE-2024-22038: DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge

Vendor Suse
Product openSUSE Factory
Weakness CWE-59
Published November 28, 2024
Last update November 28, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.

Key dates

02Disclosure timeline

November 28, 2024 CVE published
November 28, 2024 Record updated