Path Traversal Vulnerability in OpenShift Console by Red Hat
CVE-2024-7631
4.3 MEDIUM
Summary
A security flaw has been identified in the OpenShift Console that allows authenticated users to exploit the /locales/resources.json endpoint. By manipulating the lng and ns parameters, an attacker could potentially construct unsafe file paths, leading to unauthorized access to sensitive JSON files on the console's pod. This vulnerability could enable an attacker to bypass access controls and retrieve files that should be restricted.
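The following Go sketch is an added example, not code from the OpenShift Console or from Red Hat. It contrasts joining the raw lng and ns values into a path with a handler-side check that allow-lists both parameters and then confirms the result stays inside the locale directory. The `<baseDir>/<lng>/<ns>.json` layout, the function names, the patterns and the sample directory are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumed layout (not taken from the console source): <baseDir>/<lng>/<ns>.json
var (
	lngPattern = regexp.MustCompile(`^[A-Za-z]{2,3}(-[A-Za-z0-9]{2,8})*$`)
	nsPattern  = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$`)
)

// ErrBadParam is returned for any lng/ns value that fails validation.
var ErrBadParam = errors.New("invalid lng or ns parameter")

// UnsafeLocalePath joins the raw parameters. filepath.Join resolves ".."
// segments, so the result can point outside baseDir.
func UnsafeLocalePath(baseDir, lng, ns string) string {
	return filepath.Join(baseDir, lng, ns+".json")
}

// SafeLocalePath allow-lists both parameters, then confirms the cleaned path
// is still inside baseDir as a second, independent check.
func SafeLocalePath(baseDir, lng, ns string) (string, error) {
	if !lngPattern.MatchString(lng) || !nsPattern.MatchString(ns) {
		return "", ErrBadParam
	}
	base := filepath.Clean(baseDir)
	p := filepath.Join(base, lng, ns+".json")
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadParam
	}
	return p, nil
}

func main() {
	base := "/opt/app/locales" // constructed sample directory
	// Constructed sample inputs: one well-formed pair, two with ".." segments.
	for _, in := range [][2]string{{"en", "public"}, {"../../etc", "config"}, {"en", "../../other/file"}} {
		p, err := SafeLocalePath(base, in[0], in[1])
		fmt.Printf("lng=%q ns=%q unsafe=%s safe=%q err=%v\n",
			in[0], in[1], UnsafeLocalePath(base, in[0], in[1]), p, err)
	}
}
```

The containment check after the allow-list is deliberate: if the patterns are later loosened, the path still cannot resolve outside the locale directory.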
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved