{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-37163","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-06-03T17:29:38.329Z","datePublished":"2024-06-07T16:09:07.437Z","dateUpdated":"2024-08-02T03:50:54.803Z"},"containers":{"cna":{"title":"SkyScrape Secure API Requests","problemTypes":[{"descriptions":[{"cweId":"CWE-319","lang":"en","description":"CWE-319: Cleartext Transmission of Sensitive Information","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j","tags":["x_refsource_CONFIRM"],"url":"https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"}],"affected":[{"vendor":"oslabs-beta","product":"SkyScraper","versions":[{"version":"= 1.0.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2024-06-07T16:09:07.437Z"},"descriptions":[{"lang":"en","value":"SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs.  SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data.  This affects version 1.0.0."}],"source":{"advisory":"GHSA-vfqg-qhm5-5m3j","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-07-11T19:36:14.431973Z","id":"CVE-2024-37163","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-12T16:11:47.886Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:50:54.803Z"},"title":"CVE Program Container","references":[{"name":"https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j","tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j"}]}]}}