CVE-2024-7079

EPSS 0.33%
Published 24.07.2024 16:15:07
Last modified 21.11.2024 09:50:50
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Container Platform Version3.11

Redhat ≫ Openshift Container Platform Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.554

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://access.redhat.com/security/cve/CVE-2024-7079

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2299678

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-7079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7079

EUVD