Vulnerability details: VCID-1dxg-7s2c-aaap
Vulnerability ID VCID-1dxg-7s2c-aaap
Aliases CVE-2024-28834, GNUTLS-SA-2023-12-04
Summary A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (2)
System Score Found at
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:1784
ssvc Track https://access.redhat.com/errata/RHSA-2024:1784
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:1879
ssvc Track https://access.redhat.com/errata/RHSA-2024:1879
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:1997
ssvc Track https://access.redhat.com/errata/RHSA-2024:1997
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:2044
ssvc Track https://access.redhat.com/errata/RHSA-2024:2044
cvssv3.1 5 https://access.redhat.com/errata/RHSA-2024:2570
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:2570
ssvc Track https://access.redhat.com/errata/RHSA-2024:2570
cvssv3.1 5.3 https://access.redhat.com/errata/RHSA-2024:2889
ssvc Track https://access.redhat.com/errata/RHSA-2024:2889
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json
cvssv3.1 5.3 https://access.redhat.com/security/cve/CVE-2024-28834
ssvc Track https://access.redhat.com/security/cve/CVE-2024-28834
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss 0.00349 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss 0.01007 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss 0.01138 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
epss 0.0117 https://api.first.org/data/v1/epss?cve=CVE-2024-28834
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=2269228
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2269228
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.3 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
ssvc Track https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
cvssv3.1 5.3 https://minerva.crocs.fi.muni.cz/
generic_textual Medium https://minerva.crocs.fi.muni.cz/
ssvc Track https://minerva.crocs.fi.muni.cz/
Reference id Reference type URL
https://access.redhat.com/errata/RHSA-2024:1784
https://access.redhat.com/errata/RHSA-2024:1879
https://access.redhat.com/errata/RHSA-2024:2889
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json
https://access.redhat.com/security/cve/CVE-2024-28834
https://api.first.org/data/v1/epss?cve=CVE-2024-28834
https://bugzilla.redhat.com/show_bug.cgi?id=2269228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
https://minerva.crocs.fi.muni.cz/
https://people.redhat.com/~hkario/marvin/
https://security.netapp.com/advisory/ntap-20240524-0004/
http://www.openwall.com/lists/oss-security/2024/03/22/1
http://www.openwall.com/lists/oss-security/2024/03/22/2
1067464 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067464
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_eus:8.6::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
cpe:/a:redhat:rhel_eus:8.8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
cpe:/a:redhat:rhel_eus:9.2::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_eus:8.6::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.6::baseos
cpe:/o:redhat:rhel_eus:8.8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos
cpe:/o:redhat:rhel_eus:9.2::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos
CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834
RHSA-2024:1997 https://access.redhat.com/errata/RHSA-2024:1997
RHSA-2024:2044 https://access.redhat.com/errata/RHSA-2024:2044
RHSA-2024:2570 https://access.redhat.com/errata/RHSA-2024:2570
USN-6733-1 https://usn.ubuntu.com/6733-1/
USN-6733-2 https://usn.ubuntu.com/6733-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1784
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1784
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1879
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1879
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:1997
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:1997
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2044
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2044
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2024:2570
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2570
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2570

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:00:08Z/ Found at https://access.redhat.com/errata/RHSA-2024:2570
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2024:2889
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/errata/RHSA-2024:2889
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28834.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/security/cve/CVE-2024-28834
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://access.redhat.com/security/cve/CVE-2024-28834
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2269228
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2269228
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://minerva.crocs.fi.muni.cz/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T18:20:34Z/ Found at https://minerva.crocs.fi.muni.cz/
Exploit Prediction Scoring System (EPSS)
Percentile 0.14083
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:19:21.181712+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-28834 34.0.0rc4