CVE-2024-42167
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Aug 12, 2024
Updated: Aug 29, 2024
CWE ID 78
Summary
CVE-2024-42167 is a vulnerability affecting FIWARE Keyrock versions 8.4 and below. In the "generate_app_certificates" function of controllers/saml2/saml2.js, special elements in the organizationname parameter are not adequately neutralized, making it possible for authenticated users with app creation permissions to execute OS commands by crafting a malicious organization name. This flaw poses a significant security risk and requires immediate patching to prevent potential attacks.
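The following is an added example, not Keyrock's code and not part of this advisory: one way to neutralize an organization name before it reaches a certificate-generation command in Node.js, by allowlisting the value and passing arguments as an array so that no shell parses them. The use of openssl, the function names, the subject layout and the file paths are assumptions; the advisory does not show the affected code.

```javascript
// Added example; helper names and paths are hypothetical, not Keyrock's.

// Allowlist: letters, digits, space, '.', '_' and '-', at most 64 characters.
// Shell metacharacters are outside the set, and so are '/', '=' and '+',
// which have meaning inside an openssl -subj string even when no shell runs.
const ORG_NAME = /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$/;

function validateOrgName(name) {
  if (typeof name !== 'string' || !ORG_NAME.test(name)) {
    throw new Error('invalid organization name');
  }
  return name;
}

// Build argv as an array: the organization name stays inside one element.
function buildOpensslArgs(orgName, keyPath, certPath) {
  const org = validateOrgName(orgName);
  return [
    'req', '-newkey', 'rsa:2048', '-new', '-x509', '-days', '365', '-nodes',
    '-subj', `/O=${org}`,
    '-keyout', keyPath,
    '-out', certPath,
  ];
}

function generateCertificate(orgName, keyPath, certPath, callback) {
  // Loaded here so the validation helpers above have no dependencies.
  const { execFile } = require('node:child_process');
  // execFile hands argv straight to the program; unlike exec, it does not
  // build a command line for /bin/sh to interpret.
  execFile('openssl', buildOpensslArgs(orgName, keyPath, certPath), callback);
}

// Constructed sample inputs, for illustration only.
const SAMPLES = ['Acme Corp', 'Acme; echo x', 'Acme/CN=other', '$(id)', ''];

// Returns [input, 'accepted' | 'rejected'] for each sample.
function classify(samples) {
  return samples.map((s) => {
    try {
      validateOrgName(s);
      return [s, 'accepted'];
    } catch (e) {
      return [s, 'rejected'];
    }
  });
}
```

Validation and the argument array are complementary: the array removes the shell from the path, while the allowlist stops values such as `Acme/CN=other` from adding fields to the certificate subject.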
Affected Vendors
- FIWARE