CVE-2024-7079
Last modified
CVE-2024-7079 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 3.11 |
| Redhat | Openshift Container Platform | 4.0 |
References
- https://access.redhat.com/security/cve/CVE-2024-7079Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2299678Issue Tracking
- https://access.redhat.com/security/cve/CVE-2024-7079Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2299678Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-7079?
How severe is CVE-2024-7079?
How do I fix CVE-2024-7079?
Are you affected by CVE-2024-7079?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST