CVE-2024-4436

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published May 8, 2024
CWE ID 400

Summary

A vulnerability with the CVE ID name CVE-2024-4436 has been identified in the etcd package distributed with the Red Hat OpenStack platform. This vulnerability is an incomplete fix for a previous issue, CVE-2022-41723. The problem arises because the etcd package in the Red Hat OpenStack platform uses http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, requiring an update at compile time. The risk score for this vulnerability is 25, indicating a high base severity and a potential impact on availability. Remediation includes updating the etcd package in the Red Hat OpenStack platform to address this vulnerability.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-4436 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options