CVE-2024-1979

Summary

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

Affected Software

VendorProductVersion RangeStatus
0 < 3.2.11affected
Red HatRed Hat build of Quarkus 3.2.11.Final3.2.11.Final-redhat-00001 < *unaffected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

Ensure that at least one of the preconditions is not present in your environment.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References