Home > Vulnerability Database > CVE-2024-45794

Mend.io Vulnerability Database

CVE-2024-45794

Good to know:

Date: November 7, 2024

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Go

Severity Score

8.3

Related Resources (5)

Url: https://github.com/devtron-labs/devtron/commit/1540271bd777b6bccd288e513a9070d8f04b6056

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45794

Url: https://github.com/devtron-labs/devtron

Url: https://github.com/devtron-labs/devtron/security/advisories/GHSA-q78v-cv36-8fxj

Url: https://www.mend.io/vulnerability-database/CVE-2024-45794

Severity Score

8.3

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version v0.7.2

Learn More

CVSS v3.1

Base Score:	8.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45794

Good to know:

Date: November 7, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?