What is CVE-2024-0874?

CVE-2024-0874 is a medium-severity vulnerability in Red Hat Logging Subsystem For Openshift, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.3/10. Published 2024-04-25.

How severe is CVE-2024-0874?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-0874 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Red Hat Logging Subsystem For Openshift

CVE-2024-0874

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

EPSS: 0.002 (43.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Red Hat Logging Subsystem For Openshift
Red Hat Advanced Cluster Management For Kubernetes 2
Red Hat Openshift Container Platform 4.13 — versions v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8
Red Hat Openshift Container Platform 4.14 — versions v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8
Red Hat Openshift Container Platform 4.15 — versions v4.15.0-202407230407.p0.g1326282.assembly.stream.el9
Red Hat Openshift Container Platform 4.16 — versions v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9

Weakness classification (CWE)

CWE-524 — Use of Cache Containing Sensitive Information

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

RHSA-2024:0041 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:4850 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6009 (vendor-advisory, x_refsource_REDHAT)
RHSA-2024:6406 (vendor-advisory, x_refsource_REDHAT)
access.redhat.com/security/cve/CVE-2024-0874 (vdb-entry, x_refsource_REDHAT)
RHBZ#2219234 (issue-tracking, x_refsource_REDHAT)
github.com/coredns/coredns/issues/6186
github.com/coredns/coredns/pull/6354

Frequently asked questions

What is CVE-2024-0874?: CVE-2024-0874 is a medium-severity vulnerability in Red Hat Logging Subsystem For Openshift, classified under Use of Cache Containing Sensitive Information. CVSS score: 5.3/10. Published 2024-04-25.
How severe is CVE-2024-0874?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-0874 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.