CVE-2024-28872

Name of the Vulnerable Software and Affected Versions Stork versions 0.15.0 through 1.15.0

Description The TLS certificate validation code is flawed, allowing an attacker to obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once connected, the attacker can send malicious commands to a monitored service, possibly resulting in confidential data loss and/or denial of service. This issue is not related to BIND 9 or Kea directly and only affects customers using the Stork management tool.

Recommendations For Stork versions 0.15.0 through 1.15.0, update to a version that includes the fix for the flawed TLS certificate validation code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.