Strix
26.1K

CVE-2024-43379

LOWCVSS 3.1/10EPSS 0.27%

Last modified

CVE-2024-43379 is a low-severity vulnerability rated 3.1/10 on the CVSS scale. TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. The victim must scan the maliciously crafted data and have such an endpoint targeted for the exploit to succeed. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions.

Metrics

CVSS 3.1
3.1/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Probability
0.27%

18.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
TrufflesecurityTrufflehog< 3.81.9

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-43379?
TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. The victim must scan the maliciously crafted data and have such an endpoint targeted for the exploit to succeed. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions.
How severe is CVE-2024-43379?
CVE-2024-43379 has a CVSS score of 3.1/10 (LOW severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2024-43379?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-43379?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST