CVE-2024-7079

EPSS 0.33%
Veröffentlicht 24.07.2024 16:15:07
Zuletzt bearbeitet 21.11.2024 09:50:50
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openshift Container Platform Version3.11

Redhat ≫ Openshift Container Platform Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://access.redhat.com/security/cve/CVE-2024-7079

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2299678

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-7079

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7079

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7079

EUVD