CVE-2024-38368

CRITICAL Year: 2024
CVSS v3 Score
9.3
Critical
Weakness Type
CWE-668
View all →

Vulnerability Description

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.

Related Vulnerabilities

CVE-2018-4048

CRITICAL
CVSS:9.3(Critical)

An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite execu...

CWE-6682018

CVE-2019-1848

CRITICAL
CVSS:9.3(Critical)

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability i...

CWE-6682019

CVE-2007-3915

CRITICAL
CVSS:9.1(Critical)

Mondo 2.24 has insecure handling of temporary files.

CWE-6682007

CVE-2009-5042

CRITICAL
CVSS:9.1(Critical)

python-docutils allows insecure usage of temporary files

CWE-6682009

CVE-2017-5648

CRITICAL
CVSS:9.1(Critical)

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the...

CWE-6682017

CVE-2020-16263

CRITICAL
CVSS:9.1(Critical)

Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins.

CWE-6682020