{"id":"CVE-2024-2243","details":"A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.","modified":"2026-01-09T19:14:08.989938Z","published":"2024-04-10T11:15:49.443Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5MJC7U2ZKXUZWELQUJSN56WL5IM4MDR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIBNRL3LTG747DNWTBCPRSNRPKOBANMX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3HF6YTEGGW3SWB4V7JUVIRCXIBRHR7A/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-2243"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267336"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/csutils/csmock","events":[{"introduced":"0"},{"fixed":"b3503d48696cb2ec8eb2fb379fb57c141f08e8da"}]}],"versions":["csmock-1.0.0","csmock-1.0.1","csmock-1.0.2","csmock-1.0.3","csmock-1.0.4","csmock-1.0.5","csmock-1.0.6","csmock-1.0.7","csmock-1.0.8","csmock-1.0.9","csmock-1.1.0","csmock-1.1.1","csmock-1.2.0","csmock-1.2.1","csmock-1.2.2","csmock-1.2.3","csmock-1.3.0","csmock-1.3.1","csmock-1.3.2","csmock-1.4.0","csmock-1.4.1","csmock-1.5.0","csmock-1.5.1","csmock-1.6.0","csmock-1.6.1","csmock-1.6.2","csmock-1.7.0","csmock-1.7.1","csmock-1.7.2","csmock-1.8.0","csmock-1.8.1","csmock-1.8.2","csmock-1.8.3","csmock-1.9.0","csmock-1.9.1","csmock-1.9.2","csmock-2.0.0","csmock-2.0.1","csmock-2.0.2","csmock-2.0.3","csmock-2.0.4","csmock-2.1.0","csmock-2.1.1","csmock-2.2.0","csmock-2.2.1","csmock-2.3.0","csmock-2.4.0","csmock-2.5.0","csmock-2.6.0","csmock-2.7.0","csmock-2.7.1","csmock-2.8.0","csmock-2.9.0","csmock-3.0.0","csmock-3.1.0","csmock-3.2.0","csmock-3.3.0","csmock-3.3.1","csmock-3.3.2","csmock-3.3.3","csmock-3.3.4","csmock-3.3.5","csmock-3.4.0","csmock-3.4.1","csmock-3.4.2","csmock-3.5.0","csmock-3.5.1","csmock-3.5.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2243.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}