OpenShift Vulnerability: CSRF Flaw Allows WebSocket Creation
CVE-2024-1342

Currently unrated

Key Information:

Vendor: Red Hat
Status: openshift; Red Hat OpenShift Container Platform 4
Vendor: CVE Published:; 16 February 2024

Summary

A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.

References

https://access.redhat.com/security/cve/CVE-2024-1342

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2259960

issue-trackingx_refsource_REDHAT

Timeline

Vulnerability published
Feb 16, 2024
Vulnerability Reserved
Feb 7, 2024

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank Cyber Controls team (SIX Group) for reporting this issue.