CVE-2024-2243

Published: Apr 10, 2024Modified: Nov 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

Affected (1)

Products: Csutils: Csmock

Csutils

1 product

Csmock

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Csutils Csmock	Before 3.5.3

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (7)

https://access.redhat.com/security/cve/CVE-2024-2243

Source: patrick@puiterwijk.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2267336

Source: patrick@puiterwijk.org

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2024-2243