Vulnerability in Red Hat Hawtio 4.0.0 For Build Of Apache Camel 4
CVE-2024-2700
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at b…
EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.0 (High). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Red Hat Hawtio 4.0.0 For Build Of Apache Camel 4
- Red Hat Amq Streams 2.7.0
- Red Hat Build Of Apache Camel 4 For Quarkus 3
- Red Hat Build Of Apache Camel - Hawtio 4
- Red Hat Build Of Apicurio Registry 2.6.1 Ga
- Red Hat Build Of Keycloak
- Red Hat Build Of Optaplanner 8
- Red Hat Build Of Quarkus
- Red Hat Build Of Quarkus 3.2.12.final — versions 3.2.12.Final-redhat-00001
- Red Hat Build Of Quarkus 3.8.4.redhat — versions 3.8.4.redhat-00002
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2024:11023 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:2106 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:2705 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:3527 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:4028 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2024:4873 (vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2024-2700 (vdb-entry, x_refsource_REDHAT)
- RHBZ#2273281 (issue-tracking, x_refsource_REDHAT)
Frequently asked questions
- What is CVE-2024-2700?
- CVE-2024-2700 is a high-severity vulnerability in Red Hat Hawtio 4.0.0 For Build Of Apache Camel 4, classified under CWE-526. CVSS score: 7.0/10. Published 2024-04-04.
- How severe is CVE-2024-2700?
- High severity. CVSS v3 base score is 7.0 out of 10.
- Is CVE-2024-2700 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.