Search criteria
2 vulnerabilities found for SkyScraper by oslabs-beta
CVE-2024-37163 (GCVE-0-2024-37163)
Vulnerability from nvd – Published: 2024-06-07 16:09 – Updated: 2024-08-02 03:50
VLAI
Title
SkyScrape Secure API Requests
Summary
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.
Severity
6.4 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/oslabs-beta/SkyScraper/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| oslabs-beta | SkyScraper |
Affected:
= 1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:36:14.431973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:11:47.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SkyScraper",
"vendor": "oslabs-beta",
"versions": [
{
"status": "affected",
"version": "= 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape\u0027s API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user\u0027s temporary credentials and data. This affects version 1.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T16:09:07.437Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"
}
],
"source": {
"advisory": "GHSA-vfqg-qhm5-5m3j",
"discovery": "UNKNOWN"
},
"title": "SkyScrape Secure API Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37163",
"datePublished": "2024-06-07T16:09:07.437Z",
"dateReserved": "2024-06-03T17:29:38.329Z",
"dateUpdated": "2024-08-02T03:50:54.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37163 (GCVE-0-2024-37163)
Vulnerability from cvelistv5 – Published: 2024-06-07 16:09 – Updated: 2024-08-02 03:50
VLAI
Title
SkyScrape Secure API Requests
Summary
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.
Severity
6.4 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/oslabs-beta/SkyScraper/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| oslabs-beta | SkyScraper |
Affected:
= 1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:36:14.431973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:11:47.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SkyScraper",
"vendor": "oslabs-beta",
"versions": [
{
"status": "affected",
"version": "= 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape\u0027s API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user\u0027s temporary credentials and data. This affects version 1.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T16:09:07.437Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"
}
],
"source": {
"advisory": "GHSA-vfqg-qhm5-5m3j",
"discovery": "UNKNOWN"
},
"title": "SkyScrape Secure API Requests"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37163",
"datePublished": "2024-06-07T16:09:07.437Z",
"dateReserved": "2024-06-03T17:29:38.329Z",
"dateUpdated": "2024-08-02T03:50:54.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}