The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected.
This issue affects Stork versions 0.15.0 through 1.15.0.
References
Link | Providers |
---|---|
https://kb.isc.org/docs/cve-2024-28872 | |
MITRE
Status: PUBLISHED
Assigner: isc
Published: 2024-07-11T14:49:12.156Z
Updated: 2024-08-02T00:56:58.413Z
Reserved: 2024-03-12T11:19:12.044Z
Link: CVE-2024-28872
Vulnrichment
Updated: 2024-08-02T00:56:58.413Z
NVD
Status: Analyzed
Published: 2024-07-11T15:15:11.377
Modified: 2024-07-12T18:48:45.307
Link: CVE-2024-28872