arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities: code injection in the `tests_results.yml` workflow (`GHSL-2024-169`) and environment variable injection (`GHSL-2024-170`). These issues have been addressed, but users are advised to verify the contents of the downloaded artifacts.
History
Wed, 18 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Arduino, Arduino arduino Core | |
CPEs | cpe:2.3:a:arduino:arduino_core:*:*:*:*:*:*:*:* | |
Vendors & Products | Arduino, Arduino arduino Core | |
Metrics | ssvc | |
Tue, 17 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities: code injection in the `tests_results.yml` workflow (`GHSL-2024-169`) and environment variable injection (`GHSL-2024-170`). These issues have been addressed, but users are advised to verify the contents of the downloaded artifacts. | |
Title | Multiple Poisoned Pipeline Execution (PPE) vulnerabilities | |
Weaknesses | CWE-20, CWE-78, CWE-94 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-17T18:08:57.112Z
Updated: 2024-09-18T13:29:01.480Z
Reserved: 2024-09-09T14:23:07.503Z
Link: CVE-2024-45798
Vulnrichment
Updated: 2024-09-18T13:28:46.585Z
NVD
Status: Awaiting Analysis
Published: 2024-09-17T19:15:28.457
Modified: 2024-09-20T12:30:51.220
Link: CVE-2024-45798
Redhat
No data.