Overview
- Description
- Devtron is an open source tool integration platform for Kubernetes. In affected versions, an authenticated user with minimum permission could exploit a SQL injection flaw in the CreateUser API (/orchestrator/user) to execute malicious SQL queries. This issue has been addressed in version 0.7.2, and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.3
- Impact score
- 5.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-89
Social media
- Hype score
- Not currently trending
CVE-2024-45794 SQL Injection Vulnerability in Devtron CreateUser API - Update Now! Devtron is an open source tool for Kubernetes. In some versions, a user with low permissions can use SQL Injection through the Cr... https://t.co/ac02dHpCMf
@VulmonFeeds
7 Nov 2024
[CVE-2024-45794: HIGH] Critical vulnerability in Devtron Kubernetes integration platform allows SQL Injection via CreateUser API. Users are urged to update to version 0.7.2 to address this issue promptly. #cybersecurity, #vulnerability https://t.co/4rVpPR5bGK https://t.co/gES1q4rtt
@CveFindCom
7 Nov 2024