CVE-2024-37163 MEDIUM

CVE-2024-37163: SkyScrape Secure API Requests

Vendor Oslabs-Beta
Product SkyScraper
Weakness CWE-319 · Cleartext transmission
Published June 7, 2024
Last update August 2, 2024

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.

Key dates

02Disclosure timeline

June 7, 2024 CVE published
August 2, 2024 Record updated