Incomplete Protection in Rapid Reset for Red Hat's ose-olm-catalogd-container

CVE-2024-12698

6.5MEDIUM

Key Information

Vendor: Red Hat
Vendor: CVE Published:; 18 December 2024

Summary

CVE-2024-12698 represents a security vulnerability concerning the ose-olm-catalogd-container, identified by Red Hat. This issue stems from an inadequate resolution of the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487), where the focus was solely on unauthenticated streams, leaving authenticated streams vulnerable. As a result, the protocol does not fully secure all data streams, exposing systems to potential unauthorized access and manipulation by malicious actors. Users of affected versions are strongly encouraged to apply the latest security updates to mitigate risks associated with this threat.

Refferences

https://access.redhat.com/security/cve/CVE-2024-12698

https://bugzilla.redhat.com/show_bug.cgi?id=2332674

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2024

Collectors

NVD Database