Path Traversal Vulnerability in OpenShift Console by Red Hat
CVE-2024-7631

4.3MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Openshift Container Platform 3.11; Red Hat Openshift Container Platform 4
Vendor: CVE Published:; 19 March 2025

Summary

A security flaw has been identified in the OpenShift Console, which allows authenticated users to exploit the /locales/resources.json endpoint. By manipulating the lng and ns parameters, an attacker could potentially construct unsafe file paths leading to unauthorized access to sensitive JSON files on the console's pod. This vulnerability could enable an attacker to bypass access controls and retrieve files that should be restricted.

References

https://access.redhat.com/security/cve/CVE-2024-7631

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2296053

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 19, 2025
Vulnerability Reserved
Aug 8, 2024