CVE-2024-1485

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published: Feb 14, 2024
Updated: Feb 22, 2024
CWE ID: 23

Summary

CVE-2024-1485 is a high-severity vulnerability in the decompression function of registry-support. An unauthenticated remote attacker can exploit it by tricking a user into parsing a devfile that contains the 'parent' or 'plugin' keywords. Once triggered, the flaw could allow the attacker to download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be permitted. The impact score of this vulnerability is 5.8 out of 10, indicating a significant potential danger to organizations. Exploitation requires user interaction and has a network-based attack vector. Organizations should apply remediation measures promptly to mitigate the risk posed by this vulnerability.
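The class of check that keeps extraction and cleanup inside the destination directory, sketched in Go as an added example (not code from registry-support or from this page). The names `SafeJoin`, `CleanupEntries` and `ErrEscapes` are hypothetical, and the entry names in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapes is returned when an archive entry resolves outside the destination.
var ErrEscapes = errors.New("entry escapes destination directory")

// SafeJoin (hypothetical helper) resolves an archive entry name under dest and
// rejects absolute names and names that climb out of dest via ".." components.
// Symlinks already present inside dest are not resolved here.
func SafeJoin(dest, entry string) (string, error) {
	entry = strings.ReplaceAll(entry, `\`, "/") // archives may use either separator
	if entry == "" || strings.HasPrefix(entry, "/") || filepath.IsAbs(entry) {
		return "", ErrEscapes
	}
	base := filepath.Clean(dest)
	target := filepath.Join(base, filepath.FromSlash(entry))
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapes
	}
	return target, nil
}

// CleanupEntries (hypothetical) deletes only entries that stay inside dest and
// returns the entry names it refused to touch, so they can be logged.
func CleanupEntries(dest string, entries []string) (refused []string) {
	for _, e := range entries {
		target, err := SafeJoin(dest, e)
		if err != nil || target == filepath.Clean(dest) {
			refused = append(refused, e)
			continue
		}
		os.RemoveAll(target)
	}
	return refused
}

func main() {
	dest, _ := os.MkdirTemp("", "extract-")
	defer os.RemoveAll(dest)
	names := []string{"devfile.yaml", "a/../b.txt", "../outside.txt", "/etc/passwd"} // constructed
	fmt.Println("refused:", CleanupEntries(dest, names))
}
```

The same `SafeJoin` result should be used for the write path during extraction, so that the write and the cleanup agree on which paths are in scope.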
