CVE-2024-8096
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.
System detected CVE-2024-8096 with a risk of 3.45
System created a ticket for CVE-2024-8096
Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/112
- S
Sebastian Kawelke updated the risk assessment from 3.45 to 3
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
- S
Sebastian Kawelke updated the risk assessment from 3.45 to 3
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
- S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
Confidentiality Requirement updated: low -> high
- S
Sebastian Kawelke updated the risk assessment from 3 to 3.45
Confidentiality Requirement updated: low -> high
System fixed CVE-2024-8096
System fixed CVE-2024-8096
System detected CVE-2024-8096 with a risk of 3.46
System updated the risk assessment from 3.46 to 3.45
System recalculated raw risk assessment
Add a comment
Affected component
debian/curl