Bug 2278636 (CVE-2024-20954) - CVE-2024-20954 graalvm: Unauthorized Read Access
Summary: CVE-2024-20954 graalvm: Unauthorized Read Access
Keywords:
Status: NEW
Alias: CVE-2024-20954
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2277977
TreeView+ depends on / blocked
 
Reported: 2024-05-02 13:53 UTC by Patrick Del Bello
Modified: 2025-02-06 16:42 UTC (History)
28 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:4080 0 None None None 2024-06-25 06:26:03 UTC
Red Hat Product Errata RHBA-2024:4082 0 None None None 2024-06-25 07:07:53 UTC
Red Hat Product Errata RHSA-2024:4079 0 None None None 2024-06-25 06:23:49 UTC
Red Hat Product Errata RHSA-2024:4081 0 None None None 2024-06-25 07:06:05 UTC
Red Hat Product Errata RHSA-2025:1154 0 None None None 2025-02-06 16:42:58 UTC

Description Patrick Del Bello 2024-05-02 13:53:21 UTC 
Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

https://www.oracle.com/security-alerts/cpuapr2024.html
Comment 13 errata-xmlrpc 2024-06-25 06:23:47 UTC 
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.8 on RHEL 8

Via RHSA-2024:4079 https://access.redhat.com/errata/RHSA-2024:4079
Comment 14 errata-xmlrpc 2024-06-25 07:06:03 UTC 
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2 on RHEL 8

Via RHSA-2024:4081 https://access.redhat.com/errata/RHSA-2024:4081
Comment 16 errata-xmlrpc 2025-02-06 16:42:56 UTC 
This issue has been addressed in the following products:

  RHINT Camel-K 1.10.9

Via RHSA-2025:1154 https://access.redhat.com/errata/RHSA-2025:1154
Note You need to log in before you can comment on or make changes to this bug.