Base Score

LOW3.7

CVE-2024-34079

octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0

VectorNETWORK

Published Bysecurity-advisories@github.com

Published DateMay 14, 2024, 15:38

Affected Versions(1)

github.com/octo-sts/app(Go)

Introduced0

Fixed0.1.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/octo-sts/app(Go)	0	0.1.0	N/A

Weakness Type (CWE):CWE-400

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW

References

Base Score

LOW3.7

Weakness Type (CWE):CWE-400

CVSS Metrics

Base Score

3.7

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

LOW