CVE-2024-37163

MEDIUM

Opensourcelabs Skyscraper - Cleartext Transmission

Title source: rule

Description

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.

References (1)

[Vendor Advisory] https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j

Scores

CVSS v3 6.4

EPSS 0.0020

EPSS Percentile 42.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

opensourcelabs/skyscraper 1.0.0

Published Jun 07, 2024

Tracked Since Feb 18, 2026