CVE-2024-45794

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45794
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45794.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45794
Aliases
Downstream
Related
Published
2024-11-07T17:42:58Z
Modified
2025-10-13T04:36:06Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Summary
SQL Injection in CreateUser API in devtron
Details

Devtron is an open source tool integration platform for Kubernetes. In affected versions, an authenticated user (with minimum permission) could exploit a SQL injection flaw in the CreateUser API (/orchestrator/user) to execute malicious SQL queries. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "0.7.2"
            }
        ]
    }
]