CVE-2024-56330 CRITICAL

CVE-2024-56330: Session VNC may be accessed by other sessions on the same host in stardust

Vendor Spaceness

Product stardust

Weakness CWE-284

Published December 20, 2024

Last update December 24, 2024

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users may also manually disable ICC if they are unable to upgrade.

Key dates

02Disclosure timeline

December 20, 2024 CVE published

December 24, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-56330

Related vulnerabilities

CVE-2024-56330: Session VNC may be accessed by other sessions on the same host in stardust

01Description

02Disclosure timeline

03References

04Related CVE