CVE-2024-0874Use of Cache Containing Sensitive Information in Coredns Coredns

CWE-524Use of Cache Containing Sensitive Information6 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 63.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Github.com Coredns CorednsMsrc Azl3 Coredns 1.11.1-2 ON Azure Linux 3.0Msrc Azl3 Coredns 1.11.1-4 ON Azure Linux 3.0+6 more
Timeline
PublishedApr 25
Latest updateJun 4

Description

A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages9 packages

🔴Vulnerability Details

3
OSV
CoreDNS may return invalid cache entries in github.com/coredns/coredns2024-06-04
GHSA
CoreDNS may return invalid cache entries2024-04-25
OSV
CoreDNS may return invalid cache entries2024-04-25

📋Vendor Advisories

2
Microsoft
Coredns: cd bit response is cached and served later2024-04-09
Red Hat
coredns: CD bit response is cached and served later2023-07-03