Openshift Console Flaw Allows Data Exposure Without Proper Credential Verification
CVE-2024-7128
5.3 MEDIUM
Key Information
- Vendor: Red Hat
- Status (affected products):
  - Red Hat Openshift Container Platform 3.11
  - Red Hat Openshift Container Platform 4
- CVE Published: 26 July 2024
Summary
A flaw was found in the Openshift console. Several endpoints in the application are wrapped by the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is configured, these functions perform no authentication check of their own and instead rely on the targeted backend service to handle authentication and authorization. Because that credential verification does not happen in the console, requests can reach those endpoints without valid credentials, leading to varying degrees of data exposure.
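To make the middleware pattern concrete, the following Go program is an added illustration and is not code from the OpenShift console or from Red Hat. It models a generic auth middleware that, when the provider is the assumed default "openShiftAuth", skips verification and forwards the request, next to a hardened variant that validates the bearer token for every provider before proxying. The token store, the token value, the `X-Forwarded-User` header and the backend handler are constructed for the example; the console's real handlers, token formats and internals are not reproduced here.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// authProvider mimics a configurable authentication provider setting.
type authProvider string

const (
	providerOpenShift authProvider = "openShiftAuth" // assumed default provider
	providerOIDC      authProvider = "oidc"          // any non-default provider
)

// validTokens is a constructed session store: bearer token -> user name.
var validTokens = map[string]string{
	"sha256~example-token-for-alice": "alice",
}

// backend stands in for the proxied service. Like a service that assumes
// the console already authenticated the caller, it trusts what reaches it.
func backend(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
	fmt.Fprintf(w, "cluster data for user %q", r.Header.Get("X-Forwarded-User"))
}

// lookupUser resolves the Authorization bearer token to a user, if valid.
func lookupUser(r *http.Request) (string, bool) {
	const prefix = "Bearer "
	h := r.Header.Get("Authorization")
	if !strings.HasPrefix(h, prefix) {
		return "", false
	}
	user, ok := validTokens[strings.TrimPrefix(h, prefix)]
	return user, ok
}

// vulnerableAuthHandler shows the flawed pattern: with the default provider
// it performs no check and relies on the target service to enforce auth.
func vulnerableAuthHandler(p authProvider, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if p == providerOpenShift {
			next(w, r) // no credential verification at all
			return
		}
		user, ok := lookupUser(r)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set("X-Forwarded-User", user)
		next(w, r)
	}
}

// hardenedAuthHandler verifies the credential regardless of provider, so an
// unauthenticated request never reaches the backend.
func hardenedAuthHandler(p authProvider, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		user, ok := lookupUser(r)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set("X-Forwarded-User", user)
		next(w, r)
	}
}

// probe sends one request with the given Authorization header through h and
// returns the HTTP status, so the two middlewares can be compared directly.
func probe(h http.HandlerFunc, authz string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/example-endpoint", nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("vulnerable, default provider, no token:", probe(vulnerableAuthHandler(providerOpenShift, backend), ""))
	fmt.Println("hardened, default provider, no token:  ", probe(hardenedAuthHandler(providerOpenShift, backend), ""))
	fmt.Println("hardened, valid token:                 ", probe(hardenedAuthHandler(providerOpenShift, backend), "Bearer sha256~example-token-for-alice"))
}
```

The point of the comparison is where the check lives: with the vulnerable middleware, an unauthenticated request to the default-provider path returns 200 and the backend happily answers, while the same request through the hardened middleware is rejected with 401 before any proxying happens. When auditing a reverse proxy or console of this kind, test each provider configuration with no credentials, an invalid token and a valid token, rather than assuming the backend will refuse what the front end forwarded.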
CVSS V3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk score assigned: 5.3 (MEDIUM).
Vulnerability Reserved.
Reported to Red Hat.
Vulnerability published.
Collectors
NVD Database, MITRE Database
Credit
This issue was discovered by Thibault Guittet (Red Hat).