Required CVE Record Information
Description
A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification.
CVSS 1 Total
Score | Severity | Version | Vector String |
---|---|---|---|
5.3 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Product Status
Versions 1 Total
Default Status: unknown
affected
Versions 0 Total
Default Status: All versions are unknown
Versions 0 Total
Default Status: All versions are affected
Credits
- This issue was discovered by Thibault Guittet (Red Hat).
References 2 Total
- https://access.redhat.com/security/cve/CVE-2024-7128 (vdb-entry)
- bugzilla.redhat.com: RHBZ#2300037 (issue-tracking)