CVE-2024-45049

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 27, 2024
CWE ID 306

Summary

CVE-2024-45049 is a high-severity vulnerability affecting the Hydra Continuous Integration service for Nix-based projects, which allows unauthenticated users to trigger evaluations that can severely impact system availability. To remediate this issue, users are advised to apply the fix provided in the specified GitHub commit or upgrade their Hydra packages. For those unable to upgrade, it is recommended to deny access to the /api/push route via a reverse proxy, although this will disable the "Evaluate jobset" functionality in the frontend. The vulnerability has a base score of 7.5 and an availability impact rating of high, indicating that exploitation could lead to significant disruption for organizations using this service. The vulnerability requires no privileges or user interaction for exploitation, making it particularly concerning.
