Version: latest

CVE-2024-24790

CVE Details

CVE-2024-24790

Last Update

11/7/2024

NIST CVE Summary

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Our Official Summary

This vulnerability is reported on some of the 3rd party csi images and coredns images from Kubernetes. This CVE requires a network-based attack vector. We will upgrade the images when the fixes are available from the vendor.

CVE Severity

9.8

Status

Ongoing

Affected Products & Versions

Palette Enterprise airgap 4.4.14, 4.4.18, 4.5.3, 4.5.8
Palette VerteX 4.5.3, 4.5.8
Palette Enterprise 4.5.3, 4.5.8

Revision History

1.0 08/06/2024 Initial Publication
2.0 09/17/2024 Added Palette Enterprise airgap 4.4.18 to Affected Products
3.0 10/10/2024 Added Palette Enterprise airgap 4.5.3 to Affected Products
4.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
5.0 11/7/2024 Added Palette Enterprise, Palette Enterprise airgap, and Palette VerteX 4.5.8 to Affected Products

CVE Details​

Last Update​

NIST CVE Summary​

Our Official Summary​

CVE Severity​

Status​

Affected Products & Versions​

Revision History​