CVE-2024-36248

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 798

Summary

CVE-2024-36248 reveals a vulnerability where API keys for certain cloud services are embedded in the "main" binary. This issue poses a significant risk as the keys are not configurable and are accessible to anyone with access to the binary. The exact products affected have not been specified in this alert; for more details, consult the vendor notices listed in the references.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share