CVE-2024-42166

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 78

Summary

CVE-2024-42166 is an OS command injection vulnerability (CWE-78) affecting FIWARE Keyrock versions below 8.5. The "generate_app_certificates" function in the "lib/app_certificates.js" module does not properly neutralize special elements used in OS commands. As a result, an authenticated user with application creation permissions can execute arbitrary commands by creating a maliciously named application. Users should update affected Keyrock installations (versions below 8.5) without delay.
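
The weak pattern this summary describes, beside a hardened form and a check for names already stored, as an added example: it is not Keyrock's code, and the function names, the `certs/` path, the openssl arguments and the name allowlist are assumptions.

```javascript
// Added illustration of CWE-78; NOT FIWARE Keyrock source code.
// Function names, certs/ path, openssl arguments and the allowlist are assumptions.
const SHELL_META = /[;&|`$(){}<>\\'"!*?~#\[\]\s]/g;
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;

// Weak pattern: the name is concatenated into one string that a shell would
// parse, so metacharacters in the name become shell syntax instead of data.
// The string is only built here, never executed.
function unsafeCommandString(appName) {
  return 'openssl genrsa -out certs/' + appName + '.key 2048';
}

// Hardened pattern: allowlist the name first, then return a program and an
// argument array for child_process.execFile(), which runs the program
// directly without a shell, so each array element stays a single argument.
function safeCommandArgs(appName) {
  if (typeof appName !== 'string' || !SAFE_NAME.test(appName)) {
    throw new Error('application name rejected');
  }
  return {
    file: 'openssl',
    args: ['genrsa', '-out', 'certs/' + appName + '.key', '2048'],
  };
}

// Audit helper: list stored application names that contain shell
// metacharacters or otherwise fall outside the allowlist.
function auditNames(names) {
  return names
    .map((name) => ({ name, meta: [...new Set(name.match(SHELL_META) || [])] }))
    .filter((r) => r.meta.length > 0 || !SAFE_NAME.test(r.name));
}

// Constructed sample names, not taken from any real deployment.
const SAMPLE_NAMES = [
  'billing-portal',
  'sensor.gateway_01',
  'demo; echo INJECTED',
  '../escape',
];

for (const finding of auditNames(SAMPLE_NAMES)) {
  console.log('review:', JSON.stringify(finding));
}
```

Running the audit over existing application names after upgrading shows whether any name created before the fix deserves a closer look.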
