CVE-2024-2243

7.6 HIGH

📋 TL;DR

CVE-2024-2243 is an OS command injection vulnerability in csmock that allows authenticated users with Kerberos tickets to execute arbitrary commands on OSH workers and steal the Snyk authentication token. This affects systems running vulnerable versions of csmock with OSH service enabled. Attackers can gain unauthorized access and potentially compromise the entire OSH infrastructure.

💻 Affected Systems

Products:
  • csmock
Versions: csmock versions before 0.10.0
Operating Systems: Linux distributions including Fedora, RHEL
Default Config Vulnerable: ⚠️ Yes
Notes: Requires OSH service to be enabled and accessible to users with valid Kerberos tickets.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full compromise of OSH workers leading to lateral movement, data exfiltration, and complete system takeover across the OSH infrastructure.

🟠 Likely Case: Unauthorized command execution leading to Snyk token theft and limited system access on affected workers.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege access controls are implemented.

🌐 Internet-Facing: MEDIUM - Requires Kerberos authentication but could be exploited if OSH service is internet-accessible.
🏢 Internal Only: HIGH - Any authenticated internal user with a valid Kerberos ticket can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid Kerberos authentication but command injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: csmock 0.10.0 and later

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2024-2243

Restart Required: Yes

Instructions:

1. Update csmock to version 0.10.0 or later using your package manager.
2. Restart the OSH service and workers.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable OSH Service (linux)

Temporarily disable the OSH service if patching is not immediately possible (substitute the unit name used by your OSH deployment if it differs):

    systemctl stop osh-service
    systemctl disable osh-service

Restrict Kerberos Access (linux)

Limit which users can obtain Kerberos tickets for OSH service access: modify the Kerberos principal ACLs to restrict access.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OSH workers from sensitive systems
  • Apply strict least privilege principles and monitor all user activities with Kerberos tickets

🔍 How to Verify

Check if Vulnerable:

Check csmock version: rpm -q csmock or dpkg -l csmock

Check Version:

csmock --version

Verify Fix Applied:

Verify version is 0.10.0 or higher and test OSH service functionality
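As an added example (not part of the advisory), a POSIX shell check that reads the installed csmock version through rpm or dpkg and compares it numerically against the fixed version 0.10.0; the package-manager queries and the component-wise comparison are my own, so that 0.10.0 is correctly ranked above 0.9.x.

```shell
#!/bin/sh
# Added example: is the installed csmock at or above the fixed version
# (0.10.0, from the advisory)? Package name and threshold come from the
# advisory; the query and comparison logic are assumptions of this example.

FIXED_VERSION="0.10.0"

# version_ge A B: return 0 if version A >= version B, 1 otherwise.
# Release suffixes such as "-1.fc39" are stripped; components are compared
# as integers so that 0.10.0 > 0.9.9 (a plain string compare gets this wrong).
version_ge() {
    awk -v a="${1%%[-+]*}" -v b="${2%%[-+]*}" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print the installed csmock version using whichever package manager exists.
installed_csmock_version() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}' csmock 2>/dev/null
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' csmock 2>/dev/null
    fi
}

# Verdict: exit 0 if fixed, 1 if vulnerable, 2 if csmock is not installed.
check_csmock() {
    v=$(installed_csmock_version)
    if [ -z "$v" ]; then
        echo "csmock is not installed"; return 2
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "csmock $v: fixed (>= $FIXED_VERSION)"; return 0
    else
        echo "csmock $v: VULNERABLE to CVE-2024-2243 (< $FIXED_VERSION)"; return 1
    fi
}
```

Run `check_csmock` on each OSH worker; a non-zero exit lets you wire the check into a fleet-wide audit script.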

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in OSH worker logs
  • Failed authentication attempts to OSH service
  • Unexpected Snyk API calls

Network Indicators:

  • Unusual outbound connections from OSH workers
  • Snyk API calls from unexpected sources

SIEM Query:

source="osh-worker.log" AND (command="*;*" OR command="*|*" OR command="*`*" OR command="*$(*")
