CVE-2024-34079

Published: May 10, 2024

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

3.7

LOW

Description

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0

Vendor	Product	Versions
octo-sts	app	affected `< 0.1.0`

Weaknesses (CWE)

CWE-400

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://github.com/octo-sts/app/security/advisories/GHSA-75r6-6jg8-pfcq

x_refsource_CONFIRM

https://github.com/octo-sts/app/commit/74ba874c017cf973edd6711144cf4399a9fcff57

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-34079

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References