CVE-2024-21623

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 2, 2024

Updated: Jan 8, 2024

CWE ID 74

Summary

CVE-2024-21623 is a vulnerability affecting OTCLient, an alternative Tibia client for otserv. Prior to the commit db560de0b56476c87a2f967466407939196dd254, the "Analysis - SonarCloud" workflow in this software was susceptible to expression injection in Actions. An attacker could exploit this flaw to execute remote commands on the runner, potentially leaking secrets or altering the repository. The commit mentioned above includes a fix for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uAKsRL
https://www.cve.org/CVERecord?id=CVE-2024-21623
https://nvd.nist.gov/vuln/detail/CVE-2024-21623

Back to Vulnerability Database

CVE-2024-21623

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations