CVE-2024-42167

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published: Aug 12, 2024
Updated: Aug 29, 2024
CWE ID: 78

Summary

CVE-2024-42167 is an OS command injection vulnerability (CWE-78) affecting FIWARE Keyrock versions 8.4 and below. The "generate_app_certificates" function in controllers/saml2/saml2.js does not adequately neutralize special elements in the organizationname parameter, so an authenticated user with app creation permissions can execute OS commands by crafting a malicious organization name. The flaw poses a significant security risk, and affected installations require immediate patching.
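The following is an added example, not Keyrock's code: it contrasts the string-built shell command that CWE-78 describes with a hardened form that validates the organization name and passes it as a single argument without a shell. The tool name "cert-tool", its "--subject" flag, the allowlist and all function names are assumptions made for illustration; only "organizationname" comes from the advisory.

```javascript
// Added example, not Keyrock code. "cert-tool" and "--subject" are hypothetical;
// only the parameter name organizationname comes from the advisory.
const { execFileSync } = require('node:child_process');

// Allowlist: letters, digits, space, dot, hyphen. 64 characters is the X.520
// upper bound for an organization name.
const ORG_NAME = /^[A-Za-z0-9][A-Za-z0-9 .-]{0,63}$/;

function validateOrganizationName(name) {
  if (typeof name !== 'string' || !ORG_NAME.test(name)) {
    throw new TypeError('organizationname contains unsupported characters');
  }
  return name;
}

// Vulnerable shape (CWE-78): one string handed to a shell, so quotes or
// separators inside the name change which command runs. Shown for contrast;
// the string is only built here, never executed.
function buildShellCommandUnsafe(organizationname) {
  return 'cert-tool --subject "/O=' + organizationname + '"';
}

// Hardened shape: the validated value occupies its own argv element.
function buildCertArgs(organizationname) {
  return ['--subject', '/O=' + validateOrganizationName(organizationname)];
}

// Spawns a child without a shell and returns the arguments it received.
// Node itself stands in for the certificate tool so the example runs offline.
function argvSeenByChild(args) {
  const script =
    'const a = process.argv;' +
    'process.stdout.write(JSON.stringify(a.slice(a.indexOf("ARGS") + 1)))';
  const out = execFileSync(process.execPath,
    ['-e', script, '--', 'ARGS', ...args], { encoding: 'utf8' });
  return JSON.parse(out);
}

// Constructed sample inputs.
const benign = 'Acme Labs';
const hostile = 'Acme"; echo injected; "';

console.log(buildCertArgs(benign));
console.log(buildShellCommandUnsafe(hostile));
console.log(argvSeenByChild(['--subject', '/O=' + hostile]));
```

Validation and shell-free execution are independent layers: the last call shows that even an unvalidated value stays one inert argument when no shell parses it, while the allowlist keeps such values out of the certificate subject in the first place.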
