CVE-2024-45387: 
Linux openSUSE vulnerability analysis and mitigation

A critical SQL injection vulnerability (CVE-2024-45387) was discovered in Apache Traffic Control versions 8.0.0 through 8.0.1. The vulnerability affects the Traffic Ops component and was discovered by Yuan Luo from Tencent YunDing Security Lab. Apache Traffic Control is an open-source implementation of a Content Delivery Network (CDN) that became a top-level project by Apache Software Foundation in June 2018 (Hacker News).

The vulnerability has been assigned a critical CVSS score of 9.9 out of 10.0. It specifically affects the Traffic Ops component and allows privileged users with roles including 'admin', 'federation', 'operations', 'portal', or 'steering' to execute arbitrary SQL commands against the database through specially-crafted PUT requests. The vulnerability has been classified under CWE-89 (SQL Injection) and CWE-285 (Improper Authorization) (NVD, Security Online).

The exploitation of this vulnerability could lead to severe consequences including data breaches, unauthorized access, and potential complete system takeover. Given that Apache Traffic Control is used for building large-scale content delivery networks, a successful attack could compromise sensitive data and disrupt critical services (Security Online).

Users are strongly recommended to upgrade to Apache Traffic Control version 8.0.2, which contains the fix for this vulnerability. This is currently the only confirmed mitigation strategy (Hacker News).