Forklift Controller Vulnerability: Missing Authorization Header Security
CVE-2024-8509
7.5 HIGH
Key Information
- Vendor
- Red Hat
- Status
- Migration Toolkit For Virtualization 2.6
- CVE Published: 6 September 2024
Summary
A vulnerability was found in Forklift Controller. The Authorization header is not verified beyond ensuring that it uses bearer authentication. A request without an Authorization header and some form of a Bearer token receives a 401 error, while the presence of a token value produces a 200 response with the requested information.
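The behaviour in the summary, shown as an added Go example (not Forklift's code and not Red Hat's fix): one middleware run with a check that only looks for the Bearer scheme, and again with a check that also verifies the token. The names `guard`, `acceptAny`, `acceptIssued` and `Status`, the `/resource` path and the token value are assumptions constructed for this illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const issuedToken = "constructed-valid-token" // constructed; a real verifier asks the token issuer

// bearerToken extracts the token from "Authorization: Bearer <token>".
func bearerToken(r *http.Request) (string, bool) {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	token = strings.TrimSpace(token)
	return token, ok && strings.EqualFold(scheme, "Bearer") && token != ""
}

// guard answers 401 unless a bearer token is present and verify accepts it.
func guard(verify func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if token, ok := bearerToken(r); !ok || !verify(token) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// acceptAny models the flaw in the summary (scheme checked, token not);
// acceptIssued models the corrected check, compared in constant time.
func acceptAny(string) bool { return true }
func acceptIssued(t string) bool {
	return subtle.ConstantTimeCompare([]byte(t), []byte(issuedToken)) == 1
}

// Status sends one GET (an empty authz behaves like a missing header) and returns the status code.
func Status(verify func(string) bool, authz string) int {
	data := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "data") })
	req := httptest.NewRequest(http.MethodGet, "/resource", nil) // hypothetical path
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	guard(verify, data).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("flawed:", Status(acceptAny, "Bearer anything"), "corrected:", Status(acceptIssued, "Bearer anything"))
}
```

A regression test for a fix of this kind should assert that an unrecognised token yields 401, not only that a missing header does.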
Affected Version(s)
Migration Toolkit for Virtualization 2.6 <= 2.6.6-2
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: null to: 7.5 - (HIGH)
Reported to Red Hat.
Vulnerability Reserved.
Vulnerability published.
Collectors
NVD Database, Mitre Database
Credit
This issue was discovered by Andrew Block (Red Hat).