CVE-2024-56330: Session VNC may be accessed by other sessions on the same host in stardust

9.3 CVSS

Description

Stardust is a platform for streaming isolated desktop containers. In affected builds, inter-container communication (ICC) is not disabled. This allows users within one container to access another container's agent, compromising access. The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users who are unable to upgrade may also manually disable ICC.

Classification

CVE ID: CVE-2024-56330

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

Affected Products

Vendor: spaceness

Product: stardust

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (share of other vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-04 (when this score was calculated)

References

https://github.com/spaceness/stardust/security/advisories/GHSA-h2c9-7j2r-m98p

Timeline