{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37163", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-03T17:29:38.329Z", "datePublished": "2024-06-07T16:09:07.437Z", "dateUpdated": "2024-06-07T16:09:07.437Z"}, "containers": {"cna": {"title": "SkyScrape Secure API Requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "lang": "en", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"}], "affected": [{"vendor": "oslabs-beta", "product": "SkyScraper", "versions": [{"version": "= 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-07T16:09:07.437Z"}, "descriptions": [{"lang": "en", "value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0."}], "source": {"advisory": "GHSA-vfqg-qhm5-5m3j", "discovery": "UNKNOWN"}}}}

{"descriptions": [{"lang": "en", "value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0."}], "id": "CVE-2024-37163", "lastModified": "2024-06-07T19:24:09.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-07T17:15:51.230", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}