CVE-2024-24757 HIGH

CVE-2024-24757: open-irs .env Exposure

Vendor Degamisu
Product open-irs
Weakness CWE-200 · Info exposure
Published February 2, 2024
Last update August 1, 2024

CVSS base score

7.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. The fix involves discontinuing all sensitive keys and turning them into secrets.

Key dates

02 Disclosure timeline

February 2, 2024 CVE published
August 1, 2024 Record updated

Related vulnerabilities

04 Related CVE