Stork

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:stork:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorIsc (4a2f2b37-98b6-5702-822d-72afcd17d050)
ProductStork (5ca7b772-1081-51ac-871b-8ea77421fb08)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-8696 vulnerable 2026-06-03 15:13:44.527509 DoS attack against the Stork UI from an unauthenticated user
HIGH (7.5)
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.
Published: 2025-09-10T17:59:52.878Z
Updated: 2025-11-04T21:15:10.942Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-28872 vulnerable 2026-06-03 14:55:26.087175 Incorrect TLS certificate validation can lead to escalated privileges
HIGH (8.9)
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.
Published: 2024-07-11T14:49:12.156Z
Updated: 2025-03-26T14:40:49.861Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.