CVE-2024-2243

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-2243

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2243.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-2243

Published

2024-04-10T11:15:49.443Z

Modified

2026-04-10T05:09:49.262763Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.

References

Affected packages

Git / github.com/csutils/csmock

Affected ranges

Type

GIT

Repo

https://github.com/csutils/csmock

Events

Introduced

Fixed

b3503d48696cb2ec8eb2fb379fb57c141f08e8da

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.5.3"
        }
    ]
}

Affected versions

csmock-1.*

csmock-1.0.0

csmock-1.0.1

csmock-1.0.2

csmock-1.0.3

csmock-1.0.4

csmock-1.0.5

csmock-1.0.6

csmock-1.0.7

csmock-1.0.8

csmock-1.0.9

csmock-1.1.0

csmock-1.1.1

csmock-1.2.0

csmock-1.2.1

csmock-1.2.2

csmock-1.2.3

csmock-1.3.0

csmock-1.3.1

csmock-1.3.2

csmock-1.4.0

csmock-1.4.1

csmock-1.5.0

csmock-1.5.1

csmock-1.6.0

csmock-1.6.1

csmock-1.6.2

csmock-1.7.0

csmock-1.7.1

csmock-1.7.2

csmock-1.8.0

csmock-1.8.1

csmock-1.8.2

csmock-1.8.3

csmock-1.9.0

csmock-1.9.1

csmock-1.9.2

csmock-2.*

csmock-2.0.0

csmock-2.0.1

csmock-2.0.2

csmock-2.0.3

csmock-2.0.4

csmock-2.1.0

csmock-2.1.1

csmock-2.2.0

csmock-2.2.1

csmock-2.3.0

csmock-2.4.0

csmock-2.5.0

csmock-2.6.0

csmock-2.7.0

csmock-2.7.1

csmock-2.8.0

csmock-2.9.0

csmock-3.*

csmock-3.0.0

csmock-3.1.0

csmock-3.2.0

csmock-3.3.0

csmock-3.3.1

csmock-3.3.2

csmock-3.3.3

csmock-3.3.4

csmock-3.3.5

csmock-3.4.0

csmock-3.4.1

csmock-3.4.2

csmock-3.5.0

csmock-3.5.1

csmock-3.5.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2243.json"