Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pjvk-1xxm-87d8
Summary
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
Aliases
0
alias CVE-2024-3177
1
alias GHSA-pxhw-596r-rwq5
Fixed_packages
0
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
4
url pkg:golang/k8s.io/kubernetes@1.27.13
purl pkg:golang/k8s.io/kubernetes@1.27.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.27.13
5
url pkg:golang/k8s.io/kubernetes@1.28.9
purl pkg:golang/k8s.io/kubernetes@1.28.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.28.9
6
url pkg:golang/k8s.io/kubernetes@1.29.4
purl pkg:golang/k8s.io/kubernetes@1.29.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.29.4
Affected_packages
0
url pkg:rpm/redhat/microshift@4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0?arch=el9
purl pkg:rpm/redhat/microshift@4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f8ak-21d8-juff
1
vulnerability VCID-pjvk-1xxm-87d8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/microshift@4.16.0-202406260523.p0.gc5a37df.assembly.4.16.0%3Farch=el9
1
url pkg:rpm/redhat/openshift@4.14.0-202404231437.p0.g401bb48.assembly.stream?arch=el8
purl pkg:rpm/redhat/openshift@4.14.0-202404231437.p0.g401bb48.assembly.stream?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pjvk-1xxm-87d8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.14.0-202404231437.p0.g401bb48.assembly.stream%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3177.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3177.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3177
reference_id
reference_type
scores
0
value 0.06395
scoring_system epss
scoring_elements 0.91066
published_at 2026-04-24T12:55:00Z
1
value 0.06395
scoring_system epss
scoring_elements 0.91013
published_at 2026-04-08T12:55:00Z
2
value 0.06395
scoring_system epss
scoring_elements 0.91053
published_at 2026-04-21T12:55:00Z
3
value 0.06395
scoring_system epss
scoring_elements 0.9105
published_at 2026-04-18T12:55:00Z
4
value 0.06395
scoring_system epss
scoring_elements 0.91052
published_at 2026-04-16T12:55:00Z
5
value 0.06395
scoring_system epss
scoring_elements 0.91027
published_at 2026-04-13T12:55:00Z
6
value 0.06395
scoring_system epss
scoring_elements 0.91019
published_at 2026-04-09T12:55:00Z
7
value 0.06395
scoring_system epss
scoring_elements 0.90981
published_at 2026-04-02T12:55:00Z
8
value 0.06395
scoring_system epss
scoring_elements 0.90991
published_at 2026-04-04T12:55:00Z
9
value 0.06395
scoring_system epss
scoring_elements 0.91001
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3177
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3177
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3177
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/advisories/GHSA-pxhw-596r-rwq5
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-pxhw-596r-rwq5
5
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
6
reference_url https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a
7
reference_url https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2
8
reference_url https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b
9
reference_url https://github.com/kubernetes/kubernetes/issues/124336
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:12:31Z/
url https://github.com/kubernetes/kubernetes/issues/124336
10
reference_url https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T00:12:31Z/
url https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3177
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3177
14
reference_url https://pkg.go.dev/vuln/GO-2024-2746
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2024-2746
15
reference_url http://www.openwall.com/lists/oss-security/2024/04/16/4
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/04/16/4
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2274118
reference_id 2274118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2274118
17
reference_url https://access.redhat.com/errata/RHSA-2024:0043
reference_id RHSA-2024:0043
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0043
18
reference_url https://access.redhat.com/errata/RHSA-2024:2054
reference_id RHSA-2024:2054
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2054
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 213
name Exposure of Sensitive Information Due to Incompatible Policies
description The product's intended functionality exposes information to certain actors in accordance with the developer's security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product's administrator, users, or others whose information is being processed.
Exploits
Severity_range_score 0.1 - 3
Exploitability 0.5
Weighted_severity 2.7
Risk_score 1.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjvk-1xxm-87d8