← back
CVE-2024-37163

SkyScrape Secure API Requests

CVSS 6.4 MEDIUMEPSS 0.2%CWE-319
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected products
oslabs-beta · SkyScraper

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j