Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-31141 CVE-2024-38819 |
CWE-ID | CWE-200 CWE-22 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software |
Red Hat Camel for Spring Boot Universal components / Libraries / Software for developers |
Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU100780
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-31141
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to the way Apache Kafka Clients handles custom configurations. A remote user with access to REST API can read arbitrary files and variables on the system and escalate their privileges filesystem/environment access.
MitigationInstall updates from vendor's website.
Red Hat Camel for Spring Boot: before 4.8
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2024:10700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU98796
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-38819
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in applications that serve static resources through the functional web frameworks WebMvc.fn or WebFlux.fn. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall updates from vendor's website.
Red Hat Camel for Spring Boot: before 4.8
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2024:10700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.