CVE-2024-0874

MEDIUM

CoreDNS < 1.11.2 - Use of Cache Containing Sensitive Information

Title source: llm
STIX 2.1

Description

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

References (8)

Core 8
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:0041
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:4850
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:6009
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:6406
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-0874
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2219234

Scores

CVSS v3 5.3
EPSS 0.0021
EPSS Percentile 43.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-524
Status published
Products (7)
coredns/coredns 0 - 1.11.2Go
Red Hat/Logging Subsystem for Red Hat OpenShift
Red Hat/Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat/Red Hat OpenShift Container Platform 4.13 v4.13.0-202408260940.p0.ge70f097.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.14 v4.14.0-202408260910.p0.gfdd6037.assembly.stream.el8
Red Hat/Red Hat OpenShift Container Platform 4.15 v4.15.0-202407230407.p0.g1326282.assembly.stream.el9
Red Hat/Red Hat OpenShift Container Platform 4.16 v4.16.0-202406131906.p0.g04d84f7.assembly.stream.el9
Published Apr 25, 2024
Tracked Since Feb 18, 2026