https://bugzilla.suse.com/show_bug.cgi?id=1221845 Bug ID: 1221845 Summary: VUL-0: CVE-2024-29031: mesheryctl: An SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attack Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/398607/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: opensuse_buildservice@ojkastl.de Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: stoyan.manolov@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-29031 https://github.com/meshery/meshery/pull/10207 https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/ https://www.cve.org/CVERecord?id=CVE-2024-29031 https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745... -- You are receiving this mail because: You are on the CC list for the bug.