CVE-2024-42370

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Aug 12, 2024

CWE ID 78

Summary

CVE-2024-42370 is a vulnerability affecting Litestar, an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and older, the framework's `docs-preview.yml` workflow is susceptible to Environment Variable injection. This issue grants malicious actors permission to write issues, read metadata, and write pull requests. Additionally, the `DOCS_PREVIEW_DEPLOY_TOKEN` is exposed, increasing the risk of secret exfiltration and repository manipulation. Mitigation is available through the commit 84d351e96aaa2a1338006d6e7221eded161f517b, which addresses this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xWCoI2
https://www.cve.org/CVERecord?id=CVE-2024-42370
https://nvd.nist.gov/vuln/detail/CVE-2024-42370

Back to Vulnerability Database

CVE-2024-42370

CVSS 3.1 Score 8.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations