Resource exhaustion in Stacklok Minder

CVE-2024-34084

Minder's `HandleGithubWebhook` is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.006 (43.9th percentile)

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-34084?
CVE-2024-34084 is a high-severity vulnerability in Stacklok Minder, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-05-07.
How severe is CVE-2024-34084?
High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-34084 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.