CVE-2024-8421 - Vulnerability Details

Description

Red Hat Product Security has come to the conclusion that this CVE is not needed.

Published: 2024-10-01

Score: 0.0 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Package	CPE	Advisory	Released Date
RHODF-4.16-RHEL-9
odf4/odf-rhel9-operator:v4.16.2-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2024:6755	2024-09-18T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-8421
https://www.cve.org/CVERecord?id=CVE-2024-8421

History

Wed, 30 Oct 2024 22:30:00 +0000

Type	Values Removed	Values Added
References	https://access.redhat.com/errata/RHSA-2024:6755 https://access.redhat.com/security/cve/CVE-2024-8421 https://bugzilla.redhat.com/show_bug.cgi?id=2309710

Wed, 30 Oct 2024 21:45:00 +0000

Type	Values Removed	Values Added
Description	This CVE has been rejected.	Red Hat Product Security has come to the conclusion that this CVE is not needed.
Title	Golang.org/x/net/http2: multiple http/2 enabled web servers (rapid reset attack)	golang.org/x/net/http2: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)

Tue, 01 Oct 2024 06:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	This CVE has been rejected.
Title	golang.org/x/net/http2: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)	Golang.org/x/net/http2: multiple http/2 enabled web servers (rapid reset attack)
References		https://access.redhat.com/errata/RHSA-2024:6755 https://access.redhat.com/security/cve/CVE-2024-8421 https://bugzilla.redhat.com/show_bug.cgi?id=2309710

Wed, 18 Sep 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat openshift Data Foundation
CPEs		cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products		Redhat Redhat openshift Data Foundation

Fri, 13 Sep 2024 02:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Important`	cvssV3_1 `{'score': 0.0, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N'}` threat_severity `Low`

Thu, 12 Sep 2024 02:15:00 +0000

Type	Values Removed	Values Added
References	https://pkg.go.dev/vuln/GO-2023-2102

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
Title	golang.org/x/net: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)	golang.org/x/net/http2: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)
References		https://pkg.go.dev/vuln/GO-2023-2102

Wed, 04 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
Description		No description is available for this CVE.
Title		golang.org/x/net: Multiple HTTP/2 enabled web servers (Rapid Reset Attack)
References		https://nvd.nist.gov/vuln/detail/CVE-2024-8421 https://www.cve.org/CVERecord?id=CVE-2024-8421
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Important`

Subscriptions

Redhat Openshift Data Foundation

MITRE

Status: REJECTED

Assigner: redhat

Published: 2024-10-01T05:47:37.504Z

Updated: 2024-10-30T21:32:31.426Z

Reserved: 2024-09-04T13:56:20.007Z

Link: CVE-2024-8421

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2024-10-01T06:15:02.357

Modified: 2024-10-30T22:15:03.503

Link: CVE-2024-8421

Redhat

Severity : Low

Publid Date: 2024-09-04T12:00:00Z

Links: CVE-2024-8421 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object