OpenShift Console Flaw Allows Data Exposure Without Proper Credential Verification

CVE-2024-7128
5.3 (MEDIUM)

Key Information

Vendor: Red Hat
Status: Red Hat OpenShift Container Platform 3.11; Red Hat OpenShift Container Platform 4
CVE Published: 26 July 2024

Summary

A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks; they rely instead on the targeted service to handle authentication and authorization. Because the console itself never verifies the caller's credentials on these paths, the issue leads to various degrees of data exposure, depending on what the targeted service enforces.
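As an added illustration (not the console's own code), the following Go middleware has the shape the summary describes: with failOpen set, it forwards requests untouched whenever the provider is "openShiftAuth", trusting the backend to refuse them; with failOpen cleared, it verifies the credential before forwarding. The provider name variable, the token store and the endpoint path are assumptions made for this example.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)
// authProvider stands in for the console's configured provider (assumed name).
var authProvider = "openShiftAuth"

// validTokens is a constructed stand-in for real credential verification.
var validTokens = map[string]bool{"tok-constructed-123": true}

// credentialOK checks the bearer token carried in the Authorization header.
func credentialOK(r *http.Request) bool {
	tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
	return tok != "" && validTokens[tok]
}
// authHandler models the flaw: with failOpen true and the provider set to
// "openShiftAuth", the request is forwarded with no check at all, leaving
// authorization to the targeted service; otherwise it fails closed.
func authHandler(failOpen bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if failOpen && authProvider == "openShiftAuth" {
			next.ServeHTTP(w, r) // vulnerable path: no credential verification
			return
		}
		if !credentialOK(r) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request with the given Authorization header through the
// middleware and returns the HTTP status the client would observe.
func probe(failOpen bool, authz string) int {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("cluster data")) // only reachable past the middleware
	})
	req := httptest.NewRequest(http.MethodGet, "/api/sensitive", nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	rec := httptest.NewRecorder()
	authHandler(failOpen, backend).ServeHTTP(rec, req)
	return rec.Code
}
```

The fail-open variant returns 200 to a request with no credentials at all, which is the exposure the advisory describes; the fail-closed variant returns 401 for the same request.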

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Risk changed from unset to 5.3 (MEDIUM)

  • Vulnerability Reserved.

  • Reported to Red Hat.

  • Vulnerability published.

Collectors

NVD Database, MITRE Database

Credit

This issue was discovered by Thibault Guittet (Red Hat).