CVE-2024-29031
published 2024-03-21


Priority: P3 45
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.95% (56.8th percentile)

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | layer5io_meshery | >= 0 < 0.7.17 | 0.7.17 |
| layer5 | meshery | < 0.7.17 | 0.7.17 |
| meshery | meshery | < 0.7.17 | 0.7.17 |