{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0874", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-01-24T23:42:08.424Z", "datePublished": "2024-04-25T16:22:44.182Z", "dateUpdated": "2024-11-13T10:42:48.831Z"}, "containers": {"cna": {"title": "Coredns: cd bit response is cached and served later", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching."}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "1.11.2", "versionType": "semver"}], "packageName": "coredns", "collectionURL": "https://github.com/coredns/coredns", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-coredns", "defaultStatus": "affected", "versions": [{"version": "v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-coredns", "defaultStatus": "affected", "versions": [{"version": "v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-coredns-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-202407230407.p0.g1326282.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-coredns-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Logging Subsystem for Red Hat OpenShift", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-logging/logging-loki-rhel8", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:logging:5"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhacm2/lighthouse-agent-rhel8", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:acm:2"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0041", "name": "RHSA-2024:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4850", "name": "RHSA-2024:4850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6009", "name": "RHSA-2024:6009", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6406", "name": "RHSA-2024:6406", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0874", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name": "RHBZ#2219234", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/coredns/coredns/issues/6186"}, {"url": "https://github.com/coredns/coredns/pull/6354"}], "datePublic": "2023-07-03T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "Use of Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-524: Use of Cache Containing Sensitive Information", "timeline": [{"lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Petr Mensik (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-13T10:42:48.831Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-13T20:18:31.995445Z", "id": "CVE-2024-0874", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-13T20:18:37.906Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.998Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0041", "name": "RHSA-2024:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0874", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name": "RHBZ#2219234", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/coredns/coredns/issues/6186", "tags": ["x_transferred"]}, {"url": "https://github.com/coredns/coredns/pull/6354", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0041", "name": "RHSA-2024:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0874", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name": "RHBZ#2219234", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/coredns/coredns/issues/6186", "tags": ["x_transferred"]}, {"url": "https://github.com/coredns/coredns/pull/6354", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.998Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0874", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-13T20:18:31.995445Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-13T20:18:35.451Z"}}], "cna": {"title": "Coredns: cd bit response is cached and served later", "credits": [{"lang": "en", "value": "This issue was discovered by Petr Mensik (Red Hat)."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "lessThan": "1.11.2", "versionType": "semver"}], "packageName": "coredns", "collectionURL": "https://github.com/coredns/coredns", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4.13::el8", "cpe:/a:redhat:openshift:4.13::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.13", "versions": [{"status": "unaffected", "version": "v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-coredns", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-coredns", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "v4.15.0-202407230407.p0.g1326282.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-coredns-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-coredns-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5"], "vendor": "Red Hat", "product": "Logging Subsystem for Red Hat OpenShift", "packageName": "openshift-logging/logging-loki-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:acm:2"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "packageName": "rhacm2/lighthouse-agent-rhel8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-07-03T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-07-03T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0041", "name": "RHSA-2024:0041", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:4850", "name": "RHSA-2024:4850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6009", "name": "RHSA-2024:6009", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:6406", "name": "RHSA-2024:6406", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0874", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234", "name": "RHBZ#2219234", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/coredns/coredns/issues/6186"}, {"url": "https://github.com/coredns/coredns/pull/6354"}], "descriptions": [{"lang": "en", "value": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-524", "description": "Use of Cache Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-13T10:42:48.831Z"}, "x_redhatCweChain": "CWE-524: Use of Cache Containing Sensitive Information"}}, "cveMetadata": {"cveId": "CVE-2024-0874", "state": "PUBLISHED", "dateUpdated": "2024-11-13T10:42:48.831Z", "dateReserved": "2024-01-24T23:42:08.424Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-04-25T16:22:44.182Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en coredns. Este problema podr\u00eda provocar que se devuelvan entradas de cach\u00e9 no v\u00e1lidas debido a un almacenamiento en cach\u00e9 implementado incorrectamente."}], "id": "CVE-2024-0874", "lastModified": "2024-11-21T08:47:34.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2024-04-25T17:15:47.083", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0041"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:4850"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6009"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:6406"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-0874"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234"}, {"source": "secalert@redhat.com", "url": "https://github.com/coredns/coredns/issues/6186"}, {"source": "secalert@redhat.com", "url": "https://github.com/coredns/coredns/pull/6354"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/security/cve/CVE-2024-0874"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/coredns/coredns/issues/6186"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/coredns/coredns/pull/6354"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-524"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Petr Mensik (Red Hat).", "affected_release": [{"advisory": "RHSA-2024:6009", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-coredns:v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2024-09-04T00:00:00Z"}, {"advisory": "RHSA-2024:6406", "cpe": "cpe:/a:redhat:openshift:4.14::el8", "package": "openshift4/ose-coredns:v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:4850", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "openshift4/ose-coredns-rhel9:v4.15.0-202407230407.p0.g1326282.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2024-07-31T00:00:00Z"}, {"advisory": "RHSA-2024:0041", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-coredns-rhel9:v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-06-27T00:00:00Z"}], "bugzilla": {"description": "coredns: CD bit response is cached and served later", "id": "2219234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219234"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-524", "details": ["A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.", "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching."], "name": "CVE-2024-0874", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "impact": "low", "package_name": "openshift-logging/logging-loki-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/lighthouse-agent-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2023-07-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0874\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0874\nhttps://github.com/coredns/coredns/issues/6186\nhttps://github.com/coredns/coredns/pull/6354"], "threat_severity": "Moderate"}