A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at build time. Some local environment variables may have been set by the developer or CI environment for testing purposes, such as dropping the database during application startup or trusting all TLS certificates to accept self-signed certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, which can lead to dangerous behavior if the application does not override these values. This behavior only happens for configuration properties from the `quarkus.*` namespace. Application-specific properties are not captured.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:rhboac_hawtio:4.0.0 | |
References |
|
Thu, 19 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Sep 2024 08:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:build_keycloak: |
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-04T13:46:39.956Z
Updated: 2024-12-12T21:40:37.572Z
Reserved: 2024-03-20T01:39:49.992Z
Link: CVE-2024-2700
Vulnrichment
Updated: 2024-08-01T19:18:48.249Z
NVD
Status : Awaiting Analysis
Published: 2024-04-04T14:15:09.950
Modified: 2024-12-12T22:15:07.877
Link: CVE-2024-2700
Redhat